codologic codoforum

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2020-22540
all versions
Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive
5.4 MEDIUM
CVE-2020-22539
all versions
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code v
7.2 HIGH
CVE-2022-31854
all versions
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
7.2 HIGH
CVE-2020-25879
all versions
A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers
5.4 MEDIUM
CVE-2020-25876
all versions
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to exe
5.4 MEDIUM
CVE-2020-25875
all versions
A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to e
5.4 MEDIUM
CVE-2020-13873
< 4.9
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pr
9.8 CRITICAL
CVE-2020-21845
all versions
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'
6.1 MEDIUM
CVE-2020-9007
all versions
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
5.4 MEDIUM
CVE-2020-7050
<= 4.8.4
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a pol
5.4 MEDIUM
CVE-2020-7051
<= 4.8.4
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because
6.1 MEDIUM
CVE-2020-5842
all versions
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payloa
6.1 MEDIUM
CVE-2020-5843
all versions
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
4.8 MEDIUM
CVE-2020-5306
all versions
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
4.8 MEDIUM
CVE-2020-5305
all versions
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
4.8 MEDIUM
CVE-2014-9261
all versions
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows rem
threatengine.sh