CVE-2020-25876

A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
codologiccodoforum
5.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codoforum.com/
https://github.com/r0ck3t1973/xss_payload/issues/3
https://codoforum.com/
https://github.com/r0ck3t1973/xss_payload/issues/3