pybbs <=6.0.0 Reflected XSSinfo

Title	atjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSS
Description	In the latest v6.0.0 version, the endpoint /search does not encode user-controllable parameters when outputting them on the current page, resulting in Reflected XSS. This allows attackers to launch XSS attacks against administrator users.
Source	⚠️ https://github.com/atjiu/pybbs/issues/208
User	ZAST.AI (UID 87884)
Submission	07/25/2025 03:48 (11 months ago)
Moderation	08/04/2025 15:05 (10 days later)
Status	Accepted
VulDB entry	318684 [atjiu pybbs up to 6.0.0 /search keyword cross site scripting]
Points	16

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!