Skip to content

Instantly share code, notes, and snippets.

@s4fv4n
Created April 11, 2024 18:48
Show Gist options
  • Save s4fv4n/0d7a5093886cf41d9c478166e4aeec64 to your computer and use it in GitHub Desktop.
Save s4fv4n/0d7a5093886cf41d9c478166e4aeec64 to your computer and use it in GitHub Desktop.
CVE ID: CVE-2020-22540
Vulnerability Title: Stored Cross-Site Scripting Vulnerability on Codoforum v4.9
Description:
Codoforum v4.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability.
Vulnerability Type:
Cross Site Scripting (XSS)
Vendor of Product:
codoforum.com
Affected Product Code Base:
Codoforum - v4.9
Affected Component:
Stored XSS in Category name in codoforum v4.9
Impact Code execution:
true
Impact Information Disclosure:
true
Attack Vectors:
Steps to reproduce:
1- First login as a admin user
2- Goto category section create a new category
3- When creating a new category give the payload <script>alert(1)</script> as Category name
4- Then save
5- Then access the home page of the forum .
6- Now you can see the popup of XSS
Discoverer:
Safvan
Reference:
http://codoforum.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment