← back
CVE-2020-29477

CVE-2020-29477

EPSS 1.1%
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49188unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://invision.comhttps://www.exploit-db.com/exploits/49188