PT-2020-17114 · Egavilanmedia · Egavilanmedia User Registration/Login System With Admin Panel

Hemant Patidar

Published

2020-12-30

Updated

2021-01-04

CVE-2020-29231

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions EGavilanMedia User Registration and Login System With Admin Panel version 1.0

Description The issue is related to cross-site scripting (XSS) in the Admin Profile Page. This allows an attacker to inject an XSS payload in the Admin Full Name field. Each time the admin visits the Profile page from the admin panel, the XSS triggers.

Recommendations For EGavilanMedia User Registration and Login System With Admin Panel version 1.0, consider validating and sanitizing user input in the Admin Full Name field to prevent XSS injection. As a temporary workaround, restrict access to the Admin Profile Page until a proper fix is implemented.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-29231

Affected Products

Egavilanmedia User Registration/Login System With Admin Panel

PT-2020-17114 · Egavilanmedia · Egavilanmedia User Registration/Login System With Admin Panel

CVE-2020-29231

Weakness Enumeration

Related Identifiers

Affected Products

References · 5