Exploit for Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Vulnerability CVE-2020-8825

Name: Exploit for Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Vulnerability CVE-2020-8825
Rating: 5 (32 reviews)

2020-02-11 | CVSS 3.5

## https://sploitus.com/exploit?id=1337DAY-ID-33938
# Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
# Exploit Author: Sayak Naskar
# Vendor Homepage: https://vanillaforums.com/en/
# Version: 2.6.3
# Tested on: Windows, Linux
# CVE : CVE-2020-8825

A Stored xss was found in Vanillaforum 2.6.3 .

index.php?p=/dashboard/settings/branding

# Proof of Concept:

An attacker will insert a payload on branding section. So, whenever an user will open the branding section then attacker automatically get all sensitive information of the user.

#  0day.today [2020-02-21]  #