CVE-2020-5842

Name of the Vulnerable Software and Affected Versions Codoforum version 4.8.3

Description The issue allows for XSS in the user registration page, specifically through the username field when accessing the "index.php?u=/user/register" API endpoint. The payload can be executed on the "admin/index.php?page=users/manage" page.

Recommendations For Codoforum version 4.8.3, as a temporary workaround, consider validating and sanitizing the username field to prevent malicious input. Restrict access to the user registration page until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.