CVE-2020-28141

MEDIUM

Online Discussion Forum 1.0 - Authenticated Stored Cross-Site Scripting in Message Body

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28141. PoCs published by j5oh.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in the Online Discussion Forum Site 1.0 messaging system. The PoC shows how an attacker can inject malicious JavaScript into the message body, which executes when the victim views the message.

Description

The messaging subsystem in Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages containing JavaScript to arbitrary users on the system, and the script executes when the recipient views the messages page.

Exploits (1)

exploitdb WORKING POC
by j5oh · text · webapps · php
https://www.exploit-db.com/exploits/48897

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Online Discussion Forum Site 1.0
Auth required
Prerequisites: Valid user session (PHPSESSID) · Access to the messaging interface
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/48897

Scores

CVSS v3 5.4
EPSS 0.0060
EPSS Percentile 44.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
online_discussion_forum_project/online_discussion_forum 1.0
Published Apr 19, 2021
Tracked Since Feb 18, 2026