# Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting # Google Dork: N/A # Date: 2020-02-10 # Exploit Author: Sayak Naskar # Vendor Homepage: https://vanillaforums.com/en/ # Version: 2.6.3 # Tested on: Windows, Linux # CVE : CVE-2020-8825 A Stored xss was found in Vanillaforum 2.6.3 . index.php?p=/dashboard/settings/branding # Proof of Concept: An attacker will insert a payload on branding section. So, whenever an user will open the branding section then attacker automatically get all sensitive information of the user.
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
