Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
References
Link | Resource |
---|---|
https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php | Third Party Advisory |
https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php | Third Party Advisory |
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13 | Patch Third Party Advisory |
https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php | Third Party Advisory |
https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php | Third Party Advisory |
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 03:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php - Third Party Advisory | |
References | () https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php - Third Party Advisory | |
References | () https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13 - Patch, Third Party Advisory |
19 Sep 2024, 11:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:* | |
First Time |
Sir
Sir gnuboard |
Information
Published : 2019-03-27 20:29
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15585
Mitre link : CVE-2018-15585
CVE.ORG link : CVE-2018-15585
JSON object : View
Products Affected
sir
- gnuboard
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')