CVE-2018-18678

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnuboard:gnuboard5:*:*:*:*:*:*:*:*

Information

Published : 2019-10-30 11:15

Updated : 2019-11-01 12:38


NVD link : CVE-2018-18678

Mitre link : CVE-2018-18678


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

gnuboard

  • gnuboard5