CVE-2020-5306
https://notcve.org/view.php?id=CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using the display name, title name, or content parameters.
References:
http://codologic.com/forum/index.php?u=/category/news-and-announcements
https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in.html
https://www.exploit-db.com/exploits/47886
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5305
https://notcve.org/view.php?id=CVE-2020-5305
Codoforum 4.8.3 allows XSS in the admin dashboard via the name field of a new user, i.e., on the Manage Users screen.
References:
http://codologic.com/forum/index.php?u=/category/news-and-announcements
https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in_2.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9261 – CodoForum 2.5.1 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2014-9261
The sanitize function in Codoforum 2.5.1 does not properly filter directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.
References:
https://www.exploit-db.com/exploits/36320
http://osvdb.org/show/osvdb/119412
http://packetstormsecurity.com/files/130739/Codoforum-2.5.1-Arbitrary-File-Download.html
http://security.szurek.pl/codoforum-251-arbitrary-file-download.html
http://www.exploit-db.com/exploits/36320
https://codoforum.com/documentation/roadmap
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-5952 – Joomla Freichat Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5952
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php, or the (3) toname parameter to client/plugins/upload/upload.php. The Joomla Freichat component suffers from multiple cross-site scripting vulnerabilities.
References:
http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0275.html
http://packetstormsecurity.com/files/125737
http://secunia.com/advisories/57361
http://www.securityfocus.com/bid/66254
https://exchange.xforce.ibmcloud.com/vulnerabilities/91824
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')