Citadel Security Vulnerabilities
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
CVSS Score: 5.4
EPSS Score: 0.004
Published: 2023-10-04

modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVSS Score: 5.0
EPSS Score: 0.015
Published: 2011-06-21