Cotonti: >> Cotonti Siena Security Vulnerabilities
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-16
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-06-02
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-02-08
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-09-05
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
CVSS Score
4.8
EPSS Score
0.002
Published
2022-09-05
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
CVSS Score
7.5
EPSS Score
0.01
Published
2013-08-09