phpVibe < 4.20 - Persistent Cross-Site Scripting

phpVibe The vulnerability exists because the user input is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser -- Proof of Concept -- 1. The attacker posts a new comment which contains our payload: " 2. The stored XSS can be triggered...