CVE-2020-19887

Name of the Vulnerable Software and Affected Versions DBHcms version 1.2.0

Description The issue is related to a stored XSS vulnerability. This occurs because there is no proper handling of the pageparam insert description variable in the dbhcmsmodmod.page.edit.php file at line 227, specifically lacking the htmlspecialchars function. A remote authenticated attacker with admin privileges can exploit this to hijack other users' sessions.

Recommendations For DBHcms version 1.2.0, consider adding proper input validation and sanitization, such as using the htmlspecialchars function for the pageparam insert description variable in the dbhcmsmodmod.page.edit.php file to prevent XSS attacks. As a temporary workaround, restrict access to the mod.page.edit.php module to minimize the risk of exploitation.