Design/Logic Flaw

2019-08-2621:15:00

PRIOn knowledge base

www.prio-n.com

0.002 Low

EPSS

Percentile

54.7%

JSON

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the “homepage title” parameter, aka the adm/config_form_update.php cf_title parameter.

CPENameOperatorVersion
gnuboard5lt5.3.2.0

CPE	Name	Operator	Version
	gnuboard5	lt	5.3.2.0

References

github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf

github.com/gnuboard/gnuboard5/compare/15b2e73...2549172

github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for PRION:CVE-2018-18668