A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.
References
| Link | Resource |
|---|---|
| https://codoforum.com/ | Product |
| https://github.com/r0ck3t1973/xss_payload/issues/3 | Exploit Issue Tracking Third Party Advisory |
| https://codoforum.com/ | Product |
| https://github.com/r0ck3t1973/xss_payload/issues/3 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 05:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://codoforum.com/ - Product | |
| References | () https://github.com/r0ck3t1973/xss_payload/issues/3 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2021-07-09 22:15
Updated : 2024-11-21 05:18
NVD link : CVE-2020-25876
Mitre link : CVE-2020-25876
CVE.ORG link : CVE-2020-25876
JSON object : View
Products Affected
codologic
- codoforum
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')