Codologic: Security Vulnerabilities
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
CVSS Score
6.1
EPSS Score
0.018
Published
2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-01-05
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
CVSS Score
4.8
EPSS Score
0.005
Published
2020-01-05
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
CVSS Score
5.0
EPSS Score
0.155
Published
2015-03-23
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
Page 2