Share
# CVE-2020-8825  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8825  
  
## Vendor:  
VanillaForum   
  
## Description:   
It is possible to store xss payload in index.php?p=/dashboard/settings/branding. An attacker will store the xss payload on this section and when the user will visit the page then attacker will get all the sensitive information of the user.  
  
## Environment:  
  
Version: 2.6.3  
OS: Windows 10, Linux  
PHP: 7  
URL: index.php?p=/dashboard/settings/branding  
  
## Proof of Concept:  
https://github.com/hacky1997/CVE-2020-8825/blob/master/vanilla.png  
  
## Assigned by:  
[Sayak Naskar](https://github.com/hacky1997/)