Description

index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.

Remediation

References

CVE-2020-8825

Related Vulnerabilities

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)

WordPress Plugin YITH WooCommerce Quick View Security Bypass (1.3.13)

WordPress Plugin Advanced File Manager Information Disclosure (5.2.4)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2014-3581)

WordPress Plugin Login Logout Menu Multiple Cross-Site Scripting Vulnerabilities (1.3.3)

Severity

Medium

Classification

CVE-2020-8825 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities