CVE-2020-25875

A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.

Published: Jul 10, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-25875
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
codologic / codoforum	5.0.2	5.0.2.x

https://codoforum.com/
https://github.com/r0ck3t1973/xss_payload/issues/4

Vulnerability Database

289,697

CVE-2020-25875