PT-2020-13132 · Monox · Monox
Published: 2020-04-29 · Updated: 2020-05-04 · CVE-2020-12472
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MonoX versions 5.1.40.5152 and earlier
Description
The issue allows stored XSS via User Status, Blog Comments, or Blog Description. This can lead to malicious script execution when a user views the affected content.
Recommendations
For MonoX versions 5.1.40.5152 and earlier, consider disabling the User Status, Blog Comments, and Blog Description features until a patch is available to prevent stored XSS attacks. Restrict access to these features to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Monox