cvedb.io
CVE-2020-26680
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2021-05-26T12:15:15.930 · Last modified 2026-07-09T01:16:41.057

Summary

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to perform XSS attacks.

Affected products

vfairs — vfairs

Does this affect you?

Add your gear to cvedb and we'll alert you only when vfairs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.