Codologic Codoforum: Security Vulnerabilities
Codoforum 4.8.3 allows XSS in the user registration page via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
CVSS Score: 6.1; EPSS Score: 0.018; Published: 2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
CVSS Score: 4.8; EPSS Score: 0.004; Published: 2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
CVSS Score: 4.8; EPSS Score: 0.004; Published: 2020-01-05
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
CVSS Score: 4.8; EPSS Score: 0.005; Published: 2020-01-05
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
CVSS Score: 5.0; EPSS Score: 0.155; Published: 2015-03-23