CVE-2020-26680

Name of the Vulnerable Software and Affected Versions: vFairs version 3.3

Description: The issue allows any logged-in user to modify other users' profile information, potentially including cross-site scripting payloads. The database stores user data with HTML tags that are rendered on the page, which can be exploited to perform XSS attacks.

Recommendations: For vFairs version 3.3, consider restricting user permissions to modify profile information until a fix is available. As a temporary workaround, disabling the rendering of HTML tags in user profiles may help mitigate the risk of XSS attacks.