PT-2020-20426 · Codoforum · Codoforum

Published

2020-02-16

Updated

2020-02-18

CVE-2020-9007

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Codoforum version 4.8.8

Description The issue allows self-XSS via the title of a new topic. This means an attacker can inject malicious code into the title, potentially leading to the execution of unwanted scripts when the title is viewed.

Recommendations For Codoforum version 4.8.8, as a temporary workaround, consider validating and sanitizing the title input to prevent malicious code injection until a patch is available. Restrict access to creating new topics to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-9007

Affected Products

Codoforum

PT-2020-20426 · Codoforum · Codoforum

CVE-2020-9007

Weakness Enumeration

Related Identifiers

Affected Products

References · 4