header-logo
Suggest Exploit
vendor:
Vanilla Forums
by:
Sayak Naskar
5.4
CVSS
MEDIUM
Persistent Cross-Site Scripting
79
CWE
Product Name: Vanilla Forums
Affected Version From: 2.6.3
Affected Version To: 2.6.3
Patch Exists: YES
Related CWE: CVE-2020-8825
CPE: 2.6.3
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows, Linux
2020

Vanilla Forums 2.6.3 – Persistent Cross-Site Scripting

A Stored xss was found in Vanillaforum 2.6.3. An attacker will insert a payload on branding section. So, whenever an user will open the branding section then attacker automatically get all sensitive information of the user.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
# Google Dork: N/A
# Date: 2020-02-10
# Exploit Author: Sayak Naskar
# Vendor Homepage: https://vanillaforums.com/en/
# Version: 2.6.3
# Tested on: Windows, Linux
# CVE : CVE-2020-8825

A Stored xss was found in Vanillaforum 2.6.3 .

index.php?p=/dashboard/settings/branding

# Proof of Concept:

An attacker will insert a payload on branding section. So, whenever an user will open the branding section then attacker automatically get all sensitive information of the user.

Navigation

Suggest Exploit

Services By CQR