WHAT ARE YOU LOOKING FOR?

Vanilla Forum 2.6.3 Cross Site Scripting ≈ Packet Storm

Roger Wilco Exploits 10 février 2020 Affichages : 425

# CVE-2020-8825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8825

## Vendor:
VanillaForum

## Description:
It is possible to store xss payload in index.php?p=/dashboard/settings/branding. An attacker will store the xss payload on this section and when the user will visit the page then attacker will get all the sensitive information of the user.

## Environment:

Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding

## Proof of Concept:
https://github.com/hacky1997/CVE-2020-8825/blob/master/vanilla.png

## Assigned by:
[Sayak Naskar](https://github.com/hacky1997/)

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

"No secure path in the world"

WHAT ARE YOU LOOKING FOR?

Vanilla Forum 2.6.3 Cross Site Scripting ≈ Packet Storm

Follow us on

Most popular

Tiki Wiki CMS Groupware 21.1 Authentication Bypass ≈ Packet Storm

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection ≈ Packet Storm

Jcow Social Network Cross Site Scripting ≈ Packet Storm

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation ≈ Packet Storm

Phone Shop Sales Managements System 1.0 Shell Upload ≈ Packet Storm

Caldera: Red Team Emulation (Part 1)

Category

Popular Sections

About