
CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
• http://codologic.com/forum/index.php?u=/category/news-and-announcements
• https://vyshnavvizz.blogspot.com/2020/01/persistent-cross-site-scripting-admin.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
• http://codologic.com/forum/index.php?u=/category/news-and-announcements
• https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in.html
• https://www.exploit-db.com/exploits/47886
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
• http://codologic.com/forum/index.php?u=/category/news-and-announcements
• https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in_2.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 15% | CPEs: 1 | EXPL: 4

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.
• https://www.exploit-db.com/exploits/36320
• http://osvdb.org/show/osvdb/119412
• http://packetstormsecurity.com/files/130739/Codoforum-2.5.1-Arbitrary-File-Download.html
• http://security.szurek.pl/codoforum-251-arbitrary-file-download.html
• http://www.exploit-db.com/exploits/36320
• https://codoforum.com/documentation/roadmap
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')