Citadel
Sign in to watchby Citadel
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44272 | 0.00 | — | 0.00 | Oct 4, 2023 | A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. | ||
| CVE-2011-1756 | 0.00 | — | 0.01 | Jun 21, 2011 | modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. |