Every CVE whose affected-product data names Citadel Webcit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-27739 — CVSS 9.8 (critical): A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in…
CVE-2009-0364 — CVSS 7.5 (high): Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote…
CVE-2007-3821 — CVSS 7.5 (high): Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other…
CVE-2020-27742 — CVSS 6.5 (medium): An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone…
CVE-2020-27741 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or…
CVE-2020-29547 — CVSS 5.9 (medium): An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP…
CVE-2020-27740 — CVSS 5.3 (medium): Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to…
CVE-2021-37845 — CVSS 3.7 (low): An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext…
CVE-2007-3822 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via…