Unrated severityNVD Advisory· Published Dec 30, 2022· Updated Aug 4, 2024

Chris92de AdminServ adminserv.php cross site scripting

CVE-2020-36638

Description

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The patch is named 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Chris92de/Adminservv5
Range: n/a

Patches

9a4508781429

Merge pull request #6 from lacaulac/patch-1

https://github.com/chris92de/adminservChristopher FSep 29, 2020via osv

commit

1 file changed · +4 −1

resources/core/adminserv.php+4 −1 modified

@@ -63,6 +63,9 @@ public static function error($text = null){
 		if($text === null){
 			$text = '['.$client->getErrorCode().'] '.Utils::t( $client->getErrorMessage() );
 		}
+		else {
+			$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+		}
 		
 		AdminServLogs::add('error', $text);
 		unset($_SESSION['info']);
@@ -2023,4 +2026,4 @@ public static function getPlaylistData($filename){
 		return $out;
 	}
 }
-?>
\ No newline at end of file
+?>

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Chris92de/AdminServ/commit/9a45087814295de6fb3a3fe38f96293665234da1mitrepatch
github.com/Chris92de/AdminServ/pull/6mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000