Cotonti Siena vulnerabilities
6 known vulnerabilities affecting cotonti/cotonti_siena.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2013-4789 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | ≤ 0.9.13, v0.9.0, +12 more | 2013-08-09
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
nvd
CVE-2021-47808 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v0.9.19 | 2026-01-16
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
nvd
CVE-2025-44115 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v0.9.25 | 2025-06-02
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
nvd
CVE-2024-24115 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v0.9.24 | 2024-02-08
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
nvd
CVE-2022-39840 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v0.9.20 | 2022-09-05
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
nvd
CVE-2022-39839 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v0.9.20 | 2022-09-05
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
nvd