Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
FluxBB Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-35240 - Vulnerability Database
FluxBB

FluxBB Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-35240

Medium
Reference: CVE-2020-35240
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-35240
Title: FluxBB Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in quotBlog Contentquot and each time any user will visit the blog the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.