Stored XSS Vulnerability in Chronoforeum 2.0.11 Allows Execution of Crafted Payload via Posts

Stored XSS Vulnerability in Chronoforeum 2.0.11 Allows Execution of Crafted Payload via Posts

CVE-2020-27459 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.

Learn more about our User Device Pen Test.