CVE-2018-15585

Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:51

Type Values Removed Values Added
References () https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php - Third Party Advisory () https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php - Third Party Advisory
References () https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php - Third Party Advisory () https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php - Third Party Advisory
References () https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13 - Patch, Third Party Advisory () https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13 - Patch, Third Party Advisory

19 Sep 2024, 11:42

Type Values Removed Values Added
CPE cpe:2.3:a:gnuboard5_project:gnuboard5:*:*:*:*:*:*:*:* cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*
First Time Sir
Sir gnuboard

Information

Published : 2019-03-27 20:29

Updated : 2024-11-21 03:51


NVD link : CVE-2018-15585

Mitre link : CVE-2018-15585

CVE.ORG link : CVE-2018-15585


JSON object : View

Products Affected

sir

  • gnuboard
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')