OpenCVE

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sir	Gnuboard

Configuration 1 [-]

cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168
https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172
https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0

History

Thu, 19 Sep 2024 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sir Sir gnuboard
CPEs	cpe:2.3:a:gnuboard:gnuboard5:5.3.1.9:::::::*	cpe:2.3:a:sir:gnuboard:5.3.1.9:::::::*
Vendors & Products	Gnuboard Gnuboard gnuboard5	Sir Sir gnuboard

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-23T14:47:13

Updated: 2024-08-05T11:16:00.278Z

Reserved: 2018-10-26T00:00:00

Link: CVE-2018-18669

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-23T15:15:10.853

Modified: 2024-11-21T03:56:20.987

Link: CVE-2018-18669

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-23T14:47:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0", "refsource": "MISC", "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"}, {"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172", "refsource": "MISC", "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"}, {"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168", "refsource": "MISC", "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:16:00.278Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18669", "datePublished": "2019-07-23T14:47:13", "dateReserved": "2018-10-26T00:00:00", "dateUpdated": "2024-08-05T11:16:00.278Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter."}, {"lang": "es", "value": "GNUBOARD5 versi\u00f3n 5.3.1.9 presenta un vulnerabilidad de tipo XSS que permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro \"board title contents\", tambi\u00e9n conocido como el par\u00e1metro bo_subject del archivo adm/board_form_update.php."}], "id": "CVE-2018-18669", "lastModified": "2024-11-21T03:56:20.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T15:15:10.853", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}