2 matches found
Cross site scripting
Cross-Site Scripting XSS exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field...
CVE-2018-6506
Affected software: miniBB 3.2.2. Vulnerability: Cross-Site Scripting (XSS) in the Add Forum feature of the Administrative Panel. Root cause: crafted use of an onload attribute of an SVG element in the supertitle field. Impact (as stated): enables script execution in the context of the user’s brow...