CVE-2018-6506

Name of the Vulnerable Software and Affected Versions miniBB version 3.2.2

Description A Cross-Site Scripting (XSS) issue exists in the Add Forum feature of the Administrative Panel. This is due to the improper handling of the onload attribute of an SVG element in the supertitle field, allowing for crafted input to execute scripts.

Recommendations For miniBB version 3.2.2, as a temporary workaround, consider restricting access to the Add Forum feature in the Administrative Panel until a patch is available. Avoid using the supertitle field with crafted SVG elements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.