CVE-2020-29477
Summary
| CVE | CVE-2020-29477 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-30 15:15:00 UTC |
| Updated | 2021-01-04 15:13:00 UTC |
| Description | Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject an XSS payload into Field Name; each time any user opens it, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Invisioncommunity | Community | 4.5.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| InVision \| Digital product design, workflow & collaboration | MISC | invision.com | Not Applicable |
| Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting - Multiple webapps Exploit | MISC | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.