CVE-2018-18676: XSS
First published: Tue Jul 23 2019(Updated: )
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnuboard Gnuboard5 | =5.3.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-18676?
CVE-2018-18676 is a vulnerability in GNUBOARD5 5.3.1.9 that allows remote attackers to inject arbitrary web script or HTML.
How severe is CVE-2018-18676?
CVE-2018-18676 has a severity rating of 6.1, which is considered medium.
What is the affected software version?
The affected software version is GNUBOARD5 5.3.1.9.
How can the vulnerability in GNUBOARD5 5.3.1.9 be exploited?
The vulnerability in GNUBOARD5 5.3.1.9 can be exploited by injecting arbitrary web script or HTML via the "mobile board tail contents" parameter.
How can CVE-2018-18676 be fixed?
To fix CVE-2018-18676, update GNUBOARD5 to version 5.3.2.0 or later.
- collector/nvd-index
- vendor/gnuboard
- canonical/gnuboard gnuboard5
- version/gnuboard gnuboard5/5.3.1.9