CVE-2020-29477: XSS
First published: Wed Dec 30 2020(Updated: )
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invisioncommunity Community | =4.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-29477?
CVE-2020-29477 is a cross-site scripting (XSS) vulnerability in Invision Community 4.5.4 that allows an attacker to inject malicious code into the Field Name field.
How does CVE-2020-29477 affect Invision Community 4.5.4?
CVE-2020-29477 affects Invision Community 4.5.4 by allowing an attacker to inject XSS payloads into the Field Name field, which can be triggered whenever a user opens that field.
What is the severity of CVE-2020-29477?
The severity of CVE-2020-29477 is rated as medium, with a severity score of 4.8.
How can an attacker exploit CVE-2020-29477?
An attacker can exploit CVE-2020-29477 by injecting a crafted XSS payload into the Field Name field, which can lead to stealing user cookies and performing unauthorized actions.
Is there a fix available for CVE-2020-29477?
Yes, an upgrade to Invision Community version 4.5.5 or later fixes the CVE-2020-29477 vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/event
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/invisioncommunity
- canonical/invisioncommunity community
- version/invisioncommunity community/4.5.4