Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.
Information
Published : 2020-02-13 08:15
Updated : 2020-02-18 10:21
NVD link : CVE-2020-7051
Mitre link : CVE-2020-7051
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
codologic
- codoforum