CVEs-PoC/2020/CVE-2020-13563.md

### [CVE-2020-13563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13563)
![](https://img.shields.io/static/v1?label=Product&message=phpGACL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%3A%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen)

### Description

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177

#### Github
No PoCs found on GitHub currently.