PT-2022-24983 · Gnuboard5 · Gnuboard5

Published: 2022-11-12 · Updated: 2024-09-19 · CVE-2022-3963

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.5.8.2.1

Description: A problem was found in the FAQ Key ID Handler component, specifically in the file bbs/faq.php. The issue arises from manipulation of the fm_id argument, leading to cross-site scripting. This can be exploited remotely.

Recommendations: For versions prior to 5.5.8.2.1, upgrade to version 5.5.8.2.1 to address this issue. As a temporary workaround, consider restricting access to the bbs/faq.php file or disabling the FAQ Key ID Handler component until the upgrade is applied. Avoid using the fm_id argument in the affected component until the issue is resolved.

Fix

Improper Neutralization

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-3963

Affected Products: Gnuboard5