Skip to content

Bread-and-Code/CVE-2020-8825

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
vanilla.png
vanilla.png
 
 

Repository files navigation

CVE-2020-8825

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8825

Vendor:

VanillaForum

Description:

The vulnerability exists due to insufficient sanitization of user-supplied data passed to "index.php?p=/dashboard/settings/branding" URL. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Environment:

Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding

Proof of Concept:

vanilla

Assigned by:

Sayak Naskar

About

VanillaForum 2.6.3 allows stored XSS.

vanillaforums.com/en/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published