Summary
Detail | | | |
---|---|---|---|
Vendor | Cotonti | First view | 2013-08-09 |
Product | Cotonti Siena | Last view | 2025-06-02 |
Version | | Type | Application |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
0 | 2025-06-02 | CVE-2025-44115 | A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. |
4.8 | 2022-09-05 | CVE-2022-39840 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). |
4.8 | 2022-09-05 | CVE-2022-39839 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. |
7.5 | 2013-08-09 | CVE-2013-4789 | SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
33% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
ExploitDB Exploits
id | Description |
---|---|
27287 | Cotonti 0.9.13 - SQL Injection Vulnerability |