PT-2022-12514 · Unknown · Javaquarkbbs

Hhh7Oxo

Published

2022-01-19

Updated

2022-01-25

CVE-2021-46030

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions JavaQuarkBBS versions prior to v3

Description The issue is related to a Cross Site Scripting attack (XSS) that occurs when specific statements are entered into the background tag management module. These statements are stored in the database and can attack the next victim who accesses the tag module.

Recommendations For JavaQuarkBBS versions prior to v3, consider disabling the background tag management module until a patch is available to prevent the storage and execution of malicious scripts. Restrict access to the tag module to minimize the risk of exploitation. Avoid using the background tag management module until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-46030

Affected Products

Javaquarkbbs

PT-2022-12514 · Unknown · Javaquarkbbs

CVE-2021-46030

Weakness Enumeration

Related Identifiers

Affected Products

References · 4