CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18671

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b
https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172
https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0
https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b
https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172
https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0

Products affected by CVE-2018-18671

Sir » Gnuboard » Version: 5.3.1.9

cpe:2.3:a:sir:gnuboard:5.3.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18671

Products

Pricing

Contact Us