CVE-2020-7991

This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Adive Framework 2.0.8, allowing an attacker to change the admin password via a stored XSS payload. The PoC includes a JavaScript payload that triggers a password change request when executed in the context of an admin session.

The exploit demonstrates a persistent XSS vulnerability in Adive Framework 2.0.8 via the 'userUsername' parameter, followed by a CSRF attack to change the admin password. The PoC includes HTTP requests and JavaScript payloads to trigger the attack.