CVE-2020-5306

MEDIUM

Codoforum 4.8.3 - Stored Cross-Site Scripting via Display Name, Title, or Content Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-5306. PoCs published by Vyshnav nk.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Codoforum 4.8.3, where an attacker can inject malicious JavaScript via a comment reply. The payload is executed when the comment is viewed.

Description

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

Exploits (1)

exploitdb WORKING POC

by Vyshnav nk · textwebappsphp

https://www.exploit-db.com/exploits/47886

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in Codoforum 4.8.3, where an attacker can inject malicious JavaScript via a comment reply. The payload is executed when the comment is viewed.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Codoforum 4.8.3

Auth required

Prerequisites: Access to a valid user account · Ability to post comments

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://codologic.com/forum/index.php?u=/category/news-and-announcements

Exploit, Third Party Advisory x_refsource_misc

https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/47886

Scores

CVSS v3 4.8

EPSS 0.0112

EPSS Percentile 61.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

codologic/codoforum 4.8.3

Published Jan 05, 2020

Tracked Since Feb 18, 2026