SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
AI Score: 8.4 | EPSS: 0.007
CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.001
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.001
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.0004