A vulnerability was found in GNUBOARD5 5.3.1.9 (Forum Software). It has been classified as problematic. This affects some unknown functionality of the file adm/board_form_update.php. The manipulation of the argument bo_mobile_content_tail as part of a Parameter leads to a cross site scripting vulnerability. CWE is classifying the issue as CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. This is going to have an impact on integrity. The summary by CVE is:

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.

The weakness was published 07/23/2019. This vulnerability is uniquely identified as CVE-2018-18676 since 10/26/2018. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue.

By approaching the search of inurl:adm/board_form_update.php it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 138524, 138523, 138522 and 138521.

Productinfo

Type

• Forum Software

Name

• GNUBOARD5

Version

• 5.3.1.9

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion