CVE-2020-25761: XSS
First published: Tue Sep 29 2020(Updated: )
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Visitor Management System in PHP | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25761?
CVE-2020-25761 is a vulnerability in Projectworlds Visitor Management System in PHP 1.0 that allows cross-site scripting (XSS) attacks.
How does CVE-2020-25761 work?
CVE-2020-25761 occurs because the file myform.php in Projectworlds Visitor Management System in PHP 1.0 does not perform input validation on the request parameters, allowing an attacker to inject JavaScript payloads.
What can an attacker do with CVE-2020-25761?
With CVE-2020-25761, an attacker can inject JavaScript payloads in the parameters to perform various attacks, such as stealing cookies and sensitive information.
What is the severity of CVE-2020-25761?
CVE-2020-25761 has a severity rating of medium with a CVSS score of 6.1.
How can I fix CVE-2020-25761?
To fix CVE-2020-25761, make sure to perform input validation on the request parameters in the myform.php file of Projectworlds Visitor Management System in PHP 1.0.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/projectworlds
- canonical/projectworlds visitor management system in php
- version/projectworlds visitor management system in php/1.0