CVE-2020-23718

9.6 CRITICAL

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in xujinliang zibbs 1.0 that allows attackers to inject malicious scripts via the route parameter in index.php. Attackers can execute arbitrary JavaScript code in users' browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. Anyone running zibbs 1.0 is affected.

💻 Affected Systems

Products:
  • xujinliang zibbs
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of zibbs 1.0 are vulnerable by default. The vulnerability is in the core routing mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full control of the forum, deface the site, install backdoors, or steal all user data including passwords and personal information.

🟠 Likely Case

Attackers steal user session cookies to hijack accounts, post malicious content, or redirect users to phishing sites.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized and rendered harmless as text.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue shows proof-of-concept exploitation. XSS vulnerabilities are commonly weaponized in automated attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/xujinliang/zibbs/issues/4

Restart Required: No

Instructions:

No official patch exists. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Add server-side validation to sanitize the route parameter before it is processed.

Modify index.php to validate $_GET['route'] and encode it with htmlspecialchars() (or a similar function) wherever the value is written into the response.

Content Security Policy

Platform: all

Implement CSP headers to restrict script execution.

Add header("Content-Security-Policy: default-src 'self'") to the PHP files, before any output is sent.

🧯 If You Can't Patch

  • Deploy a web application firewall (WAF) with XSS protection rules
  • Isolate the zibbs instance behind a reverse proxy with request filtering

🔍 How to Verify

Check if Vulnerable:

Test by accessing index.php?route=<script>alert('XSS')</script> and check whether the script executes.

Check Version:

Check zibbs version in admin panel or readme files

Verify Fix Applied:

Test the same payload after implementing the fixes. The script should not execute and should appear as plain text.

📡 Detection & Monitoring

Log Indicators:

  • Unusual route parameter values containing script tags or JavaScript code
  • Multiple failed login attempts from unexpected locations after XSS exploitation

Network Indicators:

  • HTTP requests with suspicious route parameters containing script tags or encoded payloads

SIEM Query:

web_access_logs WHERE uri CONTAINS "<script>" OR uri CONTAINS "javascript:"
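
The query above matches literal strings only, while HTTP clients often send the route value percent-encoded, so the raw log line may never contain "<script>". As an added example (not part of the original advisory or the zibbs project), the Python code below decodes the route parameter of index.php requests before applying the same two indicators; the combined-style log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# The page's two indicators: script tags and javascript: URIs (case-insensitive).
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)
# Request field of a combined-style access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_route(log_line):
    """Return the decoded route value if it matches an indicator, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group(1))
    if not parts.path.endswith("index.php"):
        return None
    # parse_qs decodes once; fully_decode handles any further encoding layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("route", []):
        value = fully_decode(raw)
        if SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_route) for every flagged line."""
    flagged = ((line.split(" ", 1)[0], suspicious_route(line)) for line in lines)
    return [(ip, route) for ip, route in flagged if route is not None]

# Constructed sample lines (documentation IP ranges, hypothetical routes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /index.php?route=forum/list HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2021:10:00:05 +0000] "GET /index.php?route=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2021:10:00:09 +0000] "GET /index.php?route=%253CScRiPt%253Ealert(1)%253C/script%253E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, route in scan(SAMPLE_LOG):
        print(f"{ip}\t{route!r}")
```

Neither flagged sample line contains the literal string "<script>", so the plain CONTAINS query would miss both.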
