CVE-2018-18671

Name of the Vulnerable Software and Affected Versions GNUBOARD5 version 5.3.1.9

Description The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content head parameter, also known as the "mobile board head contents" parameter, in the adm/board form update.php file. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For GNUBOARD5 version 5.3.1.9, consider disabling the bo mobile content head parameter in the adm/board form update.php file as a temporary workaround until a patch is available. Restrict access to the adm/board form update.php file to minimize the risk of exploitation. Avoid using the bo mobile content head parameter until the issue is resolved.