Skip to content

hacky1997/CVE-2020-8825

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cve.jpg
cve.jpg
 
 
vanilla.png
vanilla.png
 
 

Repository files navigation

CVE-2020-8825

cve

Publish:

CVE-2020-8825

Vendor:

PHP VanillaForum

Description:

The vulnerability exists due to insufficient sanitization of user-supplied data passed to "index.php?p=/dashboard/settings/branding" URL. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Environment:

Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding

Proof of Concept:

vanilla

Assigned by:

Sayak Naskar

About

VanillaForum 2.6.3 allows stored XSS.

vanillaforums.com/en/

Topics

php7 xss-vulnerability xss-poc cve-2020-8825

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •