Skip to main content

Codoforum CVE-2020-7051

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-02-13 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 13, 2020 - 16:15 nvd
MEDIUM 6.1

DescriptionNVD

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.

AnalysisAI

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. Affected products include: Codologic Codoforum. Version information: through 4.8.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-9261 MEDIUM POC
5.0 Mar 23

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which

CVE-2022-31854 HIGH POC
7.2 Jul 07

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin

CVE-2020-21845 MEDIUM POC
6.1 Sep 14

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'. Rated medium severity (CVSS 6.1),

CVE-2020-5842 MEDIUM POC
6.1 Jan 07

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI.

CVE-2020-9007 MEDIUM POC
5.4 Feb 16

Codoforum 4.8.8 allows self-XSS via the title of a new topic. Rated medium severity (CVSS 5.4), this vulnerability is re

CVE-2020-5843 MEDIUM POC
4.8 Jan 07

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. Rated medium severity (CVSS

CVE-2020-5306 MEDIUM POC
4.8 Jan 05

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. Rated medium severity (CVSS

CVE-2020-5305 MEDIUM POC
4.8 Jan 05

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. Rate

CVE-2020-7050 MEDIUM
5.4 Feb 15

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. Rated medium severity (CVSS 5.4), this vulnerability is remote

Share

CVE-2020-7051 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy