CVE-2020-20982

Published November 3rd, 2021

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.

shadoweb/wdjaUNAVAILABLE

WDJA is based on (PHP)JTBC1.0 redevelop. website: www.wdja.net

GitHub