Stored-Cross Site Scripting in Codoforum Latest Version 4.8.3 Admin Panel


Affected Product:CodoForum 4.8.3
Vendor Contact:
Vulnerability Type: Stored XSS
Remote Exploitable: Yes

Vulnerability Description

 Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.XSS triggers each time when we refresh the pages too, xss mainly found in the administrative dashboard of latest codoforum v4.8.3
There is an stored cross site scripting vulnerability in the codoforum latest version 4.8.3 where, admin panel is fully affected with Stored
as well as reflected cross site scripting

 Steps to reproduce the issue: 

I have hosted this codoforum latest in tor hosting services
> version in one of the darkweb hosting provider named daniel hosting go
> to the admin dashboard of Codoforum 4.8.3 then go to users>>Manage
> users>> then add new users craft xss payload
> "><svg/onload=alert(document.domain)>in the name fields and click on
> save button You can see an XSS triggers and it stored in that panel
> each time other admin comes it will trigger continuously if they click
> manage user options