CVE-2018-6506 | SynScan

Vulnerability Database

290,278

Total vulnerabilities in the database

CVE-2018-6506

Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.

Published: Feb 12, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-6506
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
minibb / minibb	3.2.2	3.2.2.x

https://offensivehacking.wordpress.com/2018/02/07/minibb-forums-v3-2-2-stored-xss/