Page 2 of 13 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Codoforum 4.8.8 allows self-XSS via the title of a new topic. Codoforum versión 4.8.8, permite un ataque de tipo XSS propio, por medio del título de un nuevo tema. • https://github.com/matuhn/Research/blob/master/codoforum/readme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. Codologic Codoforum versiones hasta 4.8.4, permite un ataque de tipo XSS basado en DOM. Mediante la creación de un nuevo tema como un usuario normal, es posible agregar una encuesta que se carga automáticamente en el DOM una vez que thread/topic es abierto. • https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845 https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. Codologic Codoforum hasta la versión 4.8.4 permite XSS almacenado en el área de inicio de sesión. Esto es relevante en conjunción con CVE-2020-5842 porque las cookies de sesión carecen del indicador HttpOnly. • https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845 https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. Codoforum versión 4.8.3, permite un ataque de tipo XSS en la página de registro de usuario: por medio del campo username en el URI index.php? • https://medium.com/%40prasanthc41m/cve-2020-5842-stored-xss-vulnerability-in-codoforum-4-8-3-b2e1133c6a91 https://www.exploit-db.com/exploits/47876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. Codoforum versión 4.8.3, permite un ataque de tipo XSS en el panel de administración por medio de una categoría en la pantalla Manage Users. • http://codologic.com/forum/index.php?u=/category/news-and-announcements https://vyshnavvizz.blogspot.com/2020/01/persistent-cross-site-scripting-admin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •