VanillaForum 2.6.3 allows stored XSS.
CVE-2020-8825
Publish:
CVE-2020-8825
Vendor:
PHP VanillaForum
Description:
The vulnerability exists due to insufficient sanitization of user-supplied data passed to "indexphp?p=/dashboard/settings/branding" URL A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in