CVE-2020-35275

MEDIUM

Coastercms v5.8.18 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35275. PoCs published by Hardik Solanki.

AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in CoasterCMS 5.8.18. The exploit involves injecting malicious JavaScript into the 'Edit Page' tab, which then executes when viewed on the live page.

Description

Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and redirect the victim to any malicious website because the script is triggered on the main home page of the product/application.

Exploits (1)

exploitdb WRITEUP
by Hardik Solanki · text · webapps · php
https://www.exploit-db.com/exploits/49181


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: CoasterCMS 5.8.18
Auth required
Prerequisites: Admin credentials · Access to the admin panel
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
http://coastercms.com (Broken Link, Product, Vendor Advisory; x_refsource_misc)
http://demo.coastercms.org/admin/home (Permissions Required, Product, Vendor Advisory; x_refsource_misc)
http://demo.coastercms.org/admin/login (Permissions Required, Product, Vendor Advisory; x_refsource_misc)
http://demo.coastercms.org/homepage/blog (Broken Link, Product, Vendor Advisory; x_refsource_misc)
https://www.exploit-db.com/exploits/49181 (Exploit, Third Party Advisory, VDB Entry; x_refsource_misc)

Scores

CVSS v3 5.4
EPSS 0.0105
EPSS Percentile 59.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): coastercms/coastercms 5.8.18
Published: Dec 21, 2020
Tracked Since: Feb 18, 2026