PT-2019-14208 · Facebook · Status Board
Published: 2019-08-26 · Updated: 2019-09-23 · CVE-2019-15479
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Status Board versions prior to 1.1.82
Description
The issue concerns a reflected Cross-Site Scripting (XSS) vulnerability. It is caused by insufficient sanitization of the safeDashboard variable, which is concatenated to a printed error message by the renderDashboard() function. If the safeDashboard variable is controlled by user input, it allows attackers to execute arbitrary JavaScript in a victim's browser.
Recommendations
Upgrade to version 1.1.82 to receive a patch.
As a temporary workaround, consider restricting user input to the safeDashboard variable until the issue is resolved.
Fix
XSS
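An added illustration of the pattern described above, not Status Board's own code: a value concatenated unescaped into an error message, next to an output-encoded version and an input restriction of the kind the workaround suggests. All function names, the dashboard list and the sample input are constructed for this example.

```javascript
// Added illustration; not Status Board source. Every name here is hypothetical.
const KNOWN_DASHBOARDS = new Set(["main", "ops", "release-2019"]); // constructed

// Pattern described in the advisory: the value is concatenated into the
// error markup unchanged, so any markup it contains reaches the browser.
function renderErrorVulnerable(safeDashboard) {
  return '<p class="error">Dashboard ' + safeDashboard + " not found</p>";
}

// Encode the characters that are significant in HTML text and quoted
// attribute values. '&' is replaced first so later entities stay intact.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Output encoding applied at the point of concatenation.
function renderErrorFixed(safeDashboard) {
  return '<p class="error">Dashboard ' + escapeHtml(safeDashboard) + " not found</p>";
}

// Input restriction: only short names made of [A-Za-z0-9_-]. The typeof
// check also rejects arrays/objects that some query-string parsers produce.
function isAllowedDashboardName(value) {
  return typeof value === "string" && /^[A-Za-z0-9_-]{1,64}$/.test(value);
}

// Both controls together: reject bad names without echoing them, and
// still encode on output for names that pass validation.
function renderDashboardExample(name) {
  if (!isAllowedDashboardName(name)) {
    return { status: 400, body: '<p class="error">Invalid dashboard name</p>' };
  }
  if (!KNOWN_DASHBOARDS.has(name)) {
    return { status: 404, body: renderErrorFixed(name) };
  }
  return { status: 200, body: "<h1>" + escapeHtml(name) + "</h1>" };
}

// Constructed sample input containing markup.
const SAMPLE_INPUT = "<img src=x onerror=alert(1)>";
```

Input restriction alone depends on every caller going through the validator, so the encoded output path is kept even for names that pass it.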
Weakness Enumeration
Related Identifiers
Affected Products
Status Board