Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
References
Link | Resource |
---|---|
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc | Patch Third Party Advisory |
https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69 | Patch Third Party Advisory |
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc | Patch Third Party Advisory |
https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 03:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc - Patch, Third Party Advisory | |
References | () https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69 - Patch, Third Party Advisory |
19 Sep 2024, 11:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:* | |
First Time |
Sir
Sir gnuboard |
Information
Published : 2019-03-25 21:29
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15583
Mitre link : CVE-2018-15583
CVE.ORG link : CVE-2018-15583
JSON object : View
Products Affected
sir
- gnuboard
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')