A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.
References
Link | Resource |
---|---|
https://github.com/r0ck3t1973/xss_payload/issues/3 | Exploit Issue Tracking Third Party Advisory |
https://codoforum.com/ | Product |
Configurations
Information
Published : 2021-07-09 15:15
Updated : 2021-07-12 12:10
NVD link : CVE-2020-25876
Mitre link : CVE-2020-25876
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
codologic
- codoforum