CVE-2026-4816

Name of the Vulnerable Software and Affected Versions Support Board version 3.7.7

Description A Reflected Cross Site Scripting (XSS) issue exists in Support Board. This allows an attacker to execute JavaScript code in a user's browser. The attack vector involves sending a malicious URL to a victim, utilizing the search parameter within the '/supportboard/include/articles.php' endpoint. Successful exploitation could lead to the theft of sensitive user data, such as session cookies, or the execution of unauthorized actions on behalf of the user.

Recommendations Update Support Board to a version that addresses this issue. As a temporary workaround, sanitize all user inputs to the search parameter in the '/supportboard/include/articles.php' endpoint.