# CVE-2020-8825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8825
## Vendor:
VanillaForum
## Description:
It is possible to store xss payload in index.php?p=/dashboard/settings/branding. An attacker will store the xss payload on this section and when the user will visit the page then attacker will get all the sensitive information of the user.
## Environment:
Version: 2.6.3
OS: Windows 10, Linux
PHP: 7
URL: index.php?p=/dashboard/settings/branding
## Proof of Concept:
https://github.com/hacky1997/CVE-2020-8825/blob/master/vanilla.png
## Assigned by:
[Sayak Naskar](https://github.com/hacky1997/)