Vendor: Invision Community
By: Hemant Patidar (HemantSolo)
CVSS: 4.8 (MEDIUM)
CWE: 79 (Stored Cross-Site Scripting)
Product Name: Invision Community
Affected Version From: 4.5.2004
Affected Version To: 4.5.2004
Patch Exists: YES
Related CWE: CVE-2020-29477
CPE: a:invision_community:invision_community:4.5.4
Platforms Tested: Windows 10, Kali Linux
2020

Invision Community 4.5.4 – ‘Field Name’ Stored Cross-Site Scripting

The vulnerability exists in the 'Field Name' parameter of the Invision Community admin page. By injecting a malicious payload into the 'Field Name' parameter, an attacker can trigger a cross-site scripting (XSS) attack.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user input before displaying it on webpages. In addition, implementing a web application firewall (WAF) can help detect and block XSS attacks.