CVE-2020-21494

MEDIUM

Xiunobbs - XSS

Title source: rule

Description

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.

Exploits (1)

References (2)

Scores

CVSS v3 6.1
EPSS 0.0031
EPSS Percentile 53.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
xiuno/xiunobbs 4.0.4
Published Oct 04, 2021
Tracked Since Feb 18, 2026