Vanilla Forum 2.6.3 Cross Site Scripting

Related Vulnerabilities: CVE-2020-8825  
Publish Date: 10 Feb 2020
Author: Sayak Naskar
                							

# CVE-2020-8825
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8825
    
## Vendor:
    VanillaForum 

## Description:   
    An XSS payload can be stored through index.php?p=/dashboard/settings/branding. An attacker stores the XSS payload in this section, and when a user visits the page the attacker obtains all of that user's sensitive information.

## Environment:

    Version: 2.6.3
    OS: Windows 10, Linux
    PHP: 7
    URL: index.php?p=/dashboard/settings/branding
    
## Proof of Concept:
    https://github.com/hacky1997/CVE-2020-8825/blob/master/vanilla.png

## Assigned by:
  [Sayak Naskar](https://github.com/hacky1997/)
  

