Lucene search
Sayak NaskarPACKETSTORM:156281HistoryFeb 10, 2020 - 12:00 a.m.
Vanilla Forum 2.6.3 Cross Site Scripting
2020-02-1000:00:00
Sayak Naskar
packetstormsecurity.com
84
EPSS
0.001
Percentile
46.0%
`# CVE-2020-8825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8825
## Vendor:
VanillaForum
## Description:
It is possible to store xss payload in index.php?p=/dashboard/settings/branding. An attacker will store the xss payload on this section and when the user will visit the page then attacker will get all the sensitive information of the user.
## Environment:
Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding
## Proof of Concept:
https://github.com/hacky1997/CVE-2020-8825/blob/master/vanilla.png
## Assigned by:
[Sayak Naskar](https://github.com/hacky1997/)
`
Related
cvelist
cvelist
CVE-2020-8825
2020-02-10 11:14:37
zdt
zdt
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Vulnerability
2020-02-11 00:00:00
exploitdb
exploitdb
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
2020-02-11 00:00:00
exploitpack
exploitpack
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
2020-02-11 00:00:00
nvd
nvd
CVE-2020-8825
2020-02-10 12:15:12
osv
osv
CVE-2020-8825
2020-02-10 12:15:12
cve
cve
CVE-2020-8825
2020-02-10 12:15:12
prion
prion
Cross site scripting
2020-02-10 12:15:00