A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim...
CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001
The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra...
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001
modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue....
AI Score: 6.8 | EPSS: 0.034
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary...
AI Score: 6.3 | EPSS: 0.0004