CVE-2020-5843
https://notcve.org/view.php?id=CVE-2020-5843
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. Codoforum versión 4.8.3, permite un ataque de tipo XSS en el panel de administración por medio de una categoría en la pantalla Manage Users. • http://codologic.com/forum/index.php?u=/category/news-and-announcements https://vyshnavvizz.blogspot.com/2020/01/persistent-cross-site-scripting-admin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5306
https://notcve.org/view.php?id=CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. Codoforum versión 4.8.3, permite un ataque de tipo XSS por medio de una publicación utilizando los parámetros display name, title name, o content. • http://codologic.com/forum/index.php?u=/category/news-and-announcements https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in.html https://www.exploit-db.com/exploits/47886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5305
https://notcve.org/view.php?id=CVE-2020-5305
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. Codoforum versión 4.8.3, permite un ataque de tipo XSS en el panel de administración por medio de un campo de nombre de un nuevo usuario, es decir, en la pantalla Manage Users. • http://codologic.com/forum/index.php?u=/category/news-and-announcements https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in_2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •