This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Cotonti
First view: 2013-08-09
Product: Cotonti Siena
Last view: 2025-06-02
Version:
Type: Application
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:cotonti:cotonti_siena:0.9.20:*:*:*:*:*:*:* 2
cpe:2.3:a:cotonti:cotonti_siena:0.9.7:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.8:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.9:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.10:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.3:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.5:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.11:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.12:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.2:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.1:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.4:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.6:*:*:*:*:*:*:* 1
cpe:2.3:a:cotonti:cotonti_siena:0.9.25:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
0 2025-06-02 CVE-2025-44115

A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.

4.8 2022-09-05 CVE-2022-39840

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).

4.8 2022-09-05 CVE-2022-39839

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.

7.5 2013-08-09 CVE-2013-4789

SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

ExploitDB Exploits

id Description
27287 Cotonti 0.9.13 - SQL Injection Vulnerability