CVE-2020-25875

A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.
References
Link Resource
https://codoforum.com/ Product
https://github.com/r0ck3t1973/xss_payload/issues/4 Exploit Issue Tracking Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:codologic:codoforum:5.0.2:*:*:*:*:*:*:*

Information

Published : 2021-07-09 15:15

Updated : 2021-07-14 04:32


NVD link : CVE-2020-25875

Mitre link : CVE-2020-25875


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

codologic

  • codoforum