VYPR
Medium severity4.8NVD Advisory· Published Aug 24, 2020· Updated Jun 17, 2026

CVE-2020-19885

CVE-2020-19885

Description

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • DBHcms/DBHcmsdescription
  • DBHcms/DBHcmsllm-fuzzy
    Range: = 1.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.