Unrated severity · NVD Advisory · Published Feb 15, 2020 · Updated Aug 4, 2024
CVE-2020-7050
Description
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.
Affected products
- Codologic/Codoforum (description)
References
- codologic.com/forum/index.php (mitre, x_refsource_CONFIRM)
- www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/ (mitre, x_refsource_MISC)