Chronoengine Chronoforums vulnerabilities
3 known vulnerabilities affecting chronoengine/chronoforums.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2021-28377P3MEDIUMCVSS 5.3PoCv2.0.112022-01-12
CVE-2021-28377 [MEDIUM] CWE-22 CVE-2021-28377: ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
nvd
CVE-2020-27459P4MEDIUMCVSS 6.1v2.0.112020-11-16
CVE-2020-27459 [MEDIUM] CWE-79 CVE-2020-27459: Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post.
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.
nvd
CVE-2021-28376P4LOWCVSS 2.7v7.0.72022-01-12
CVE-2021-28376 [LOW] CWE-22 CVE-2021-28376: ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.
nvd