CVE-2020-37018

MEDIUM

GOautodial 4.0 - XSS

Title source: llm

Description

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks.

Exploits (1)

exploitdb WORKING POC
by Balzabu · text · webapps · php
https://www.exploit-db.com/exploits/48690

Scores

CVSS v3 6.4
EPSS 0.0004
EPSS Percentile 12.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Jan 29, 2026
Tracked Since Feb 18, 2026