3 matches found
CVE-2018-18668
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/configformupdate.php cftitle parameter...
CVE-2018-18668
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/configformupdate.php cftitle parameter...
CVE-2018-18668
GNUBOARD5 before 5.3.2.0 is affected by a cross-site scripting (XSS) vulnerability in the homepage title parameter (adm/config_form_update.php cf_title). Exploitation allows remote attackers to inject arbitrary web script/HTML, potentially compromising user sessions and browser execution context....