CVE-2023-52069
https://notcve.org/view.php?id=CVE-2023-52069
kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. Se descubrió que kodbox v1.49.04 contenía una vulnerabilidad de cross site scripting (XSS) a través del parámetro URL. • https://blog.mo60.cn/index.php/archives/Kodbox_Stored_Xss_2.html https://blog.mo60.cn/index.php/archives/Kodbox_Stored_Xss_2.html_Password_Xss_2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-52068
https://notcve.org/view.php?id=CVE-2023-52068
kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. Se descubrió que kodbox v1.43 contenía una vulnerabilidad de cross site scripting (XSS) a través de los registros de operación e inicio de sesión. • https://blog.mo60.cn/index.php/archives/Kodbox_Stored_Xss.html_Password_Kodbox_Stored_Xss1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39691
https://notcve.org/view.php?id=CVE-2023-39691
An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request. Un problema descubierto en kodbox hasta la versión 1.43 permite a los atacantes agregar arbitrariamente cuentas de administrador mediante una solicitud GET manipulada. • https://blog.mo60.cn/index.php/archives/kodbox_Logical.html •
CVE-2023-49489
https://notcve.org/view.php?id=CVE-2023-49489
Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. Vulnerabilidad de Cross Site Scripting (XSS) Reflejado en KodeExplorer versión 4.51 permite a los atacantes obtener información confidencial y escalar privilegios a través del parámetro APP_HOST en config/i18n/en/main.php. • https://github.com/kalcaddle/KodExplorer/issues/526 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-6853 – kalcaddle KodExplorer app.php index server-side request forgery
https://notcve.org/view.php?id=CVE-2023-6853
A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 https://note.zhaoj.in/share/oaYHbDTnPiU3 https://vuldb.com/?ctiid.248221 https://vuldb.com/?id.248221 • CWE-918: Server-Side Request Forgery (SSRF) •