FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability allows an attacker to inject an XSS payload into "Blog Content"; each time a user visits the blog, the XSS triggers and the attacker is able to steal the cookie, according to the crafted payload.

References

| Link | Resource |
|---|---|
| https://fluxbb.org/downloads/ | Vendor Advisory | 
| https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-35240.md | Exploit, Third Party Advisory |
| https://github.com/hemantsolo/CVE-Reference/issues/1 | Third Party Advisory | 
Configurations
History
No history.
Information
Published : 2020-12-30 15:15
Updated : 2024-11-21 05:27
NVD link : CVE-2020-35240
Mitre link : CVE-2020-35240
CVE.ORG link : CVE-2020-35240
Products Affected
fluxbb
- fluxbb
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
