CVE-2020-25399

HIGH

InterMind iMind Server <= 3.13.65 - Stored Cross-Site Scripting via Chat File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25399. PoCs published by h3llraiser.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2020-25399, a stored XSS vulnerability in InterMind iMind Server through version 3.13.65. The vulnerability allows an attacker to send a malicious file via chat, which executes JavaScript in the victim's browser when opened.

Description

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.

Exploits (1)

nomisec WRITEUP
by h3llraiser · poc
https://github.com/h3llraiser/CVE-2020-25399

Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: InterMind iMind Server <= 3.13.65
Auth required
Prerequisites: Access to the chat functionality in InterMind iMind Server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/h3llraiser/CVE-2020-25399

Scores

CVSS v3 7.8
EPSS 0.0101
EPSS Percentile 58.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-79
Status published
Products (1)
mind/imind_server < 3.13.65
Published Nov 05, 2020
Tracked Since Feb 18, 2026