CVE-2020-8825

Publish:

CVE-2020-8825

Vendor:

PHP VanillaForum

Description:

The vulnerability exists due to insufficient sanitization of user-supplied data passed to "index.php?p=/dashboard/settings/branding" URL. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Environment:

Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding

Proof of Concept:

Assigned by:

Sayak Naskar

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
LICENSE		LICENSE
README.md		README.md
cve.jpg		cve.jpg
vanilla.png		vanilla.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

cve.jpg

cve.jpg

vanilla.png

vanilla.png

Repository files navigation

CVE-2020-8825

Publish:

Vendor:

Description:

Environment:

Proof of Concept:

Assigned by:

About

Releases

Packages

Contributors 2

License

hacky1997/CVE-2020-8825

Folders and files

Latest commit

History

Repository files navigation

CVE-2020-8825

Publish:

Vendor:

Description:

Environment:

Proof of Concept:

Assigned by:

About

Topics

Resources

License

Stars

Watchers

Forks