mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
752 B
752 B
CVE-2020-19880
Description
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.
POC
Reference
- https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#4
- https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#4