CVE-2020-21494

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
References
Link Resource
https://gitee.com/xiuno/xiunobbs/issues/I16BHH Issue Tracking Third Party Advisory
https://github.com/wanghaiwei/xiuno-docker/issues/4 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xiuno:xiunobbs:4.0.4:*:*:*:*:*:*:*

Information

Published : 2021-10-04 14:15

Updated : 2021-10-13 13:07


NVD link : CVE-2020-21494

Mitre link : CVE-2020-21494


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

xiuno

  • xiunobbs