CVE-2020-26768 – Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerabilit …

7 January 2021

Vuln ID: CVE-2020-26768

Published: 2021-01-07 13:15:11Z

Description: Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site once the URL is clicked or visited. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials, force malware execution, user redirection and others.

Source: NVD.NIST.GOV

Date:

7 January 2021

Categorie(s):

NVD

Tag(s):

NVD

UK lays down fresh legislation banning crummy default device passwords29 April 2024
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM29 April 2024
Okta warns customers about credential stuffing onslaught29 April 2024
Kaiser health insurance leaked patient data to advertisers29 April 2024
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover29 April 2024