CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.2%

CVSS Severity

CVSS v3 Score 7.2

References

https://github.com/VictorAlagwu/CMSsite
https://www.exploit-db.com/exploits/48484
https://www.vulncheck.com/advisories/victor-cms-commentauthor-persistent-cross-site-scripting

Products affected by CVE-2020-37072

Victor Cms Project » Victor Cms » Version: 1.0

cpe:2.3:a:victor_cms_project:victor_cms:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37072

Products

Pricing

Contact Us