4 matches found
CVE-2026-37503
Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...
CVE-2026-37503
Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...
PT-2026-36484
Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description Cross-Site Scripting XSS occurs when the custom html field in the theme configuration is rendered using unescaped Blade output in the 'public/theme/v2board/dashboard.blade.php' file. An administrator...
EUVD-2026-26667
Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...