Vendor

Cotonti

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2021-47808	Cotonti Cotonti	—	0.00	Jan 15, 2026	Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
CVE-2025-44115	Cotonti Cotonti	—	0.00	Jun 2, 2025	A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
CVE-2013-4789	Cotonti Cotonti Siena	—	0.01	Aug 9, 2013	SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.

CVE-2021-47808Jan 15, 2026
Cotonti
Cotonti
risk 0.00cvss —epss 0.00
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
CVE-2025-44115Jun 2, 2025
Cotonti
Cotonti
risk 0.00cvss —epss 0.00
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
CVE-2013-4789Aug 9, 2013
Cotonti
Cotonti Siena
risk 0.00cvss —epss 0.01
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.