Vyshnav Nk

#10649of 53,633
25.9Total CVSS
Vulnerabilities · 5
Medium
5
PT-2020-15858
5.4
2020-09-15
Elkarbackup · Elkarbackup · CVE-2020-24924
**Name of the Vulnerable Software and Affected Versions** ElkarBackup version 1.3.3 **Description** A Persistent Cross-site Scripting issue is found, allowing an attacker to steal the user session cookie. This issue is present on the `Policies >> action >> Name Parameter`. **Recommendations** For ElkarBackup version 1.3.3, consider restricting access to the `Name Parameter` in the Policies section until a patch is available. As a temporary workaround, avoid using the vulnerable `Name Parameter` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-15398
6.1
2020-09-14
Codoforum · Codoforum · CVE-2020-21845
**Name of the Vulnerable Software and Affected Versions** Codoforum version 4.8.3 **Description** The issue allows HTML Injection in the 'admin dashboard Manage users Section.' **Recommendations** For Codoforum version 4.8.3, update to a newer version that contains a fix for this issue.
PT-2020-18752
4.8
2020-01-07
Codoforum · Codoforum · CVE-2020-5843
**Name of the Vulnerable Software and Affected Versions** Codoforum version 4.8.3 **Description** The issue allows for XSS in the admin dashboard via a category to the Manage Users screen. **Recommendations** For Codoforum version 4.8.3, update to a version that fixes this issue, as using the current version poses a security risk due to the XSS vulnerability in the admin dashboard. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-18394
4.8
2020-01-05
Codoforum · Codoforum · CVE-2020-5305
**Name of the Vulnerable Software and Affected Versions** Codoforum version 4.8.3 **Description** The issue allows for XSS in the admin dashboard via a name field of a new user on the Manage Users screen. **Recommendations** For Codoforum version 4.8.3, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-18395
4.8
2020-01-05
Codoforum · Codoforum · CVE-2020-5306
**Name of the Vulnerable Software and Affected Versions** Codoforum version 4.8.3 **Description** The issue allows for XSS attacks through posts using parameters such as `display name`, `title name`, or `content`. **Recommendations** For Codoforum version 4.8.3, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.