CVE-2020-35396

MEDIUM

Egavilanmedia Barcodes Generator - XSS

Title source: rule

Description

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.

Exploits (1)

exploitdb WORKING POC

by Nikhil Kumar · textwebappsphp

https://www.exploit-db.com/exploits/49227

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://egavilanmedia.com/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49227

[Exploit, Third Party Advisory] https://nikhilkumar01.medium.com/cve-2020-35396-f4b5675fb168

Scores

CVSS v3 6.1

EPSS 0.0051

EPSS Percentile 66.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

egavilanmedia/barcodes_generator 1.0

Published Dec 15, 2020

Tracked Since Feb 18, 2026