Unrated severityNVD Advisory· Published Dec 30, 2022· Updated Aug 4, 2024

Chris92de AdminServ adminserv.php cross site scripting

CVE-2020-36637

Description

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Chris92de/Adminservv5
Range: n/a

Patches

3ed17dab3b4d

Merge pull request #7 from lacaulac/patch-2

https://github.com/chris92de/adminservChristopher FOct 4, 2020via osv

commit

1 file changed · +1 −1

resources/core/adminserv.php+1 −1 modified

@@ -72,7 +72,7 @@ public static function error($text = null){
 		$_SESSION['error'] = $text;
 	}
 	public static function info($text){
-		$_SESSION['info'] = $text;
+		$_SESSION['info'] = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
 	}

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Chris92de/AdminServ/commit/3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7mitrepatch
github.com/Chris92de/AdminServ/pull/7mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000