CVE-2020-37018 | THREATINT

Description

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks.

PUBLISHED Reserved 2026-01-28 | Published 2026-01-29 | Updated 2026-01-29 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

4.0

affected

Credits

Balzabu finder

References

www.exploit-db.com/exploits/48690 (ExploitDB-48690) exploit

goautodial.org/ (Official Vendor Homepage) product

www.vulncheck.com/...utodial-persistent-cross-site-scripting (VulnCheck Advisory: GOautodial 4.0 - Persistent Cross-Site Scripting) third-party-advisory

cve.org (CVE-2020-37018)

nvd.nist.gov (CVE-2020-37018)

Download JSON