CVE-2020-21494

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
References
Link Resource
https://gitee.com/xiuno/xiunobbs/issues/I16BHH Issue Tracking Third Party Advisory
https://github.com/wanghaiwei/xiuno-docker/issues/4 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xiuno:xiunobbs:4.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-10-04 21:15

Updated : 2024-02-28 18:48


NVD link : CVE-2020-21494

Mitre link : CVE-2020-21494

CVE.ORG link : CVE-2020-21494


JSON object : View

Products Affected

xiuno

  • xiunobbs
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')