Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

This is what I achived when research on Codoforum

Reflected XSS

Firstly, login into a user account, and create a new topic with title <svg/onload=alert(document.domain)>

Secondly, do nothing and refresh the page

It causes by this block of code

Vendor confirmed

REPORT TIMELINE

02/13/2020: Discovered the vulnerability

02/13/2020: Vendor confirmed

02/17/2020: CVE-2020-9007

Stored XSS

Create a post with Tags : 1" onmouseover="alert(1)

XSS will be fired if you put your mouse on tags

REPORT TIMELINE

02/24/2020: Discovered the vulnerability

03/03/2020: Vendor confirmed

Reflected XSS

Go to : http://URL/codo/index.php?u=user/profile/11110%22%20accesskey=%22X%22%20onclick=%22alert(1)

Use Alt+Shift+X , XSS will be fired

REPORT TIMELINE

02/24/2020: Discovered the vulnerability

03/03/2020: Vendor confirmed