CVE-2020-21236

Published December 27th, 2021

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.

wind-cyber/DamiCMS-v6.0.0-have-csrf-and-xss-Vulnerabilities-

GitHub