Cross-Site Scripting Vulnerability in Stivasoft Fundraising Script
CVE-2020-22222

6.1MEDIUM

Key Information:

Vendor

PHPjabbers

Status
Fundraising Script
Vendor
CVE Published:
5 November 2021

What is CVE-2020-22222?

Phpjabbers Fundraising Script v1.0 by Stivasoft is susceptible to a cross-site scripting (XSS) vulnerability through the pjActionLoadCss function. This flaw allows an attacker to inject malicious scripts, potentially compromising user data and leading to unauthorized actions within the application. Security measures should be promptly implemented to mitigate such risks and protect sensitive user information.

References

https://pastebin.com/cZFwMb5F
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.