Gnuboard g6 Cross-Site Scripting Vulnerability in Post Reply Handler
Vulnerability
A stored cross-site scripting vulnerability has been identified in Gnuboard g6 versions through 6.0.10. This issue arises in the Post Reply Handler component, specifically within the file '/bbs/scrap_popin_update/qa/'. The vulnerability allows for the injection of arbitrary JavaScript, which is executed when other users view the post. This could lead to cookie theft, phishing attacks, and other malicious activities.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected post.
Reproduction
To reproduce this vulnerability, register an account and log in. Then, navigate to the 'qa' board and create a new post. After posting, access the post and reply to it. Inject a script payload, such as an image tag with an 'onerror' event, and save the reply. The injected script will execute when the post is viewed again.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.