Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
References
Link | Resource |
---|---|
https://medium.com/%40prasanthc41m/cve-2020-5842-stored-xss-vulnerability-in-codoforum-4-8-3-b2e1133c6a91 | |
https://www.exploit-db.com/exploits/47876 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-07T19:17:55
Updated: 2020-01-07T19:17:55
Reserved: 2020-01-06T00:00:00
Link: CVE-2020-5842
JSON object: View
NVD Information
Status : Modified
Published: 2020-01-07T20:15:09.960
Modified: 2023-11-07T03:24:06.810
Link: CVE-2020-5842
JSON object: View
Redhat Information
No data.
CWE