Giters

hacky1997 / CVE-2020-8825

VanillaForum 2.6.3 allows stored XSS.

Home Page:https://vanillaforums.com/en/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

php7xss-vulnerabilityxss-poccve-2020-8825

CVE-2020-8825

cve

Publish:

CVE-2020-8825

Vendor:

PHP VanillaForum

Description:

The vulnerability exists due to insufficient sanitization of user-supplied data passed to "index.php?p=/dashboard/settings/branding" URL. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Environment:

Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding

Proof of Concept:

vanilla

Assigned by:

Sayak Naskar

About

VanillaForum 2.6.3 allows stored XSS.

https://vanillaforums.com/en/

php7xss-vulnerabilityxss-poccve-2020-8825

License:MIT License