A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.
References
Link | Resource |
---|---|
https://codoforum.com/ | Product |
https://github.com/r0ck3t1973/xss_payload/issues/4 | Exploit Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2021-07-09 15:15
Updated : 2021-07-14 04:32
NVD link : CVE-2020-25875
Mitre link : CVE-2020-25875
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
codologic
- codoforum