CVE-2020-21494

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
References
Link Resource
https://gitee.com/xiuno/xiunobbs/issues/I16BHH Issue Tracking Third Party Advisory
https://github.com/wanghaiwei/xiuno-docker/issues/4 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xiuno:xiunobbs:4.0.4:*:*:*:*:*:*:*

History

13 Oct 2021, 20:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
References (MISC) https://gitee.com/xiuno/xiunobbs/issues/I16BHH - (MISC) https://gitee.com/xiuno/xiunobbs/issues/I16BHH - Issue Tracking, Third Party Advisory
References (MISC) https://github.com/wanghaiwei/xiuno-docker/issues/4 - (MISC) https://github.com/wanghaiwei/xiuno-docker/issues/4 - Exploit, Issue Tracking, Third Party Advisory
CWE CWE-79
CPE cpe:2.3:a:xiuno:xiunobbs:4.0.4:*:*:*:*:*:*:*

04 Oct 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 21:15

Updated : 2023-12-10 14:09


NVD link : CVE-2020-21494

Mitre link : CVE-2020-21494

CVE.ORG link : CVE-2020-21494


JSON object : View

Products Affected

xiuno

  • xiunobbs
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')