Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/47876 | Exploit Third Party Advisory VDB Entry |
https://medium.com/@prasanthc41m/cve-2020-5842-stored-xss-vulnerability-in-codoforum-4-8-3-b2e1133c6a91 | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-01-07 12:15
Updated : 2020-02-18 10:20
NVD link : CVE-2020-5842
Mitre link : CVE-2020-5842
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
codologic
- codoforum