A stored cross site scripting (XSS) vulnerability in the ‘Pages’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Page Title’ parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25876
Reference (s):
- https://codoforum.com/
- https://github.com/r0ck3t1973/xss_payload/issues/3