V2Board Sensitive Token Exposure Vulnerability in UniProxyController

Vulnerability

A vulnerability exists in V2Board versions through 1.7.4, where the server authentication token is exposed via a GET parameter in the UniProxyController. This token is included in URLs, such as '/api/v1/server/UniProxy/user?token=SECRET', and can be logged by web servers, browsers, proxies, and CDNs. An attacker with access to these logs can extract the token and impersonate a proxy server node, potentially intercepting user traffic.

Impact

Exploitation of this vulnerability allows for unauthorized impersonation of a proxy server node, with the potential to intercept all user traffic.

Remediation

The vulnerability can be remediated by moving token transmission to a request header or POST body, as query parameters are not suitable for sending credentials.
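Because the token travels in the query string, existing access logs may already hold it. The following is an added example, not V2Board code: it scans log lines for URLs under '/api/v1/server/UniProxy/' that carry a 'token' parameter, reports which lines expose one, and emits redacted copies. The combined-log layout, the 'node_id' parameter, the host name and the token values are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Any URL (request target or Referer field) under the path named in the advisory.
URL_RE = re.compile(r'[^\s"]*/api/v1/server/UniProxy/[^\s"]*')

def redact_url(url, seen):
    """Mask a non-empty token= value and record a short hash of it in `seen`."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(key == "token" and value for key, value in pairs):
        return url  # nothing to redact, keep the original text untouched
    masked = []
    for key, value in pairs:
        if key == "token" and value:
            # The fingerprint lets an operator count distinct tokens without storing them.
            seen.append(hashlib.sha256(value.encode()).hexdigest()[:12])
            value = "REDACTED"
        masked.append((key, value))
    # Other parameters are re-encoded, so their escaping may be normalised.
    return urlunsplit(parts._replace(query=urlencode(masked)))

def scrub(lines):
    """Return (redacted_lines, exposed_line_numbers, token_fingerprints)."""
    cleaned, hits, fingerprints = [], [], set()
    for number, line in enumerate(lines, 1):
        seen = []
        cleaned.append(URL_RE.sub(lambda m: redact_url(m.group(0), seen), line))
        if seen:
            hits.append(number)
            fingerprints.update(seen)
    return cleaned, hits, fingerprints

# Constructed sample lines (combined log format is an assumption).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2026:10:00:00 +0000] "GET /api/v1/server/UniProxy/user?token=CONSTRUCTED-TOKEN-A&node_id=3 HTTP/1.1" 200 512 "-" "node-agent"',
    '203.0.113.7 - - [01/May/2026:10:01:00 +0000] "GET /api/v1/server/UniProxy/user?node_id=3&token=CONSTRUCTED-TOKEN-A HTTP/1.1" 200 512 "-" "node-agent"',
    '198.51.100.9 - - [01/May/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 99 "https://panel.example/api/v1/server/UniProxy/user?token=CONSTRUCTED-TOKEN-B" "Mozilla/5.0"',
    '198.51.100.9 - - [01/May/2026:10:03:00 +0000] "GET /api/v1/server/UniProxy/user HTTP/1.1" 403 0 "-" "node-agent"',
]

if __name__ == "__main__":
    cleaned, hits, fingerprints = scrub(SAMPLE_LOG)
    print(f"exposed lines: {hits}, distinct tokens: {len(fingerprints)}")
    print("\n".join(cleaned))
```

The third sample line shows the token appearing in a Referer field rather than the request line, which is why the scan matches URLs anywhere in the line.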

Added: May 1, 2026, 5:15 PM
Updated: May 1, 2026, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.0
remediation: 0.0
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.