CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.

Vulnerabilities can also be found in gnuboard6. It has been classified as a critical issue. Mainly affected is the file gnuboard/bbs/faq.php. The main issue is the usage of unconfirmed data. It is possible to launch a cross site request forgery attack. To be more precise, the issue is related to the usage of unverified data. The usage of a non-sanitized value allows remote attackers to perform an XSS attack. The outcome of this issue can lead to the compromise of user data. No upgrade is available to address this problem. The only solution is to update the component. The identifier of this vulnerability is VDB-213490. It is recommended to upgrade the affected component.

References:

Vulnerability Database: https://www.vulnerability-lab.com/
https://www.gnuboard.org/wiki/index.php?title=Configuring_the_GNUboard_Admin
Gnuboard6: https://www.gnuboard.org/wiki

Timeline

Published on: 11/12/2022 22:15:00 UTC
Last modified on: 11/17/2022 17:31:00 UTC

References

• https://vuldb.com/?id.213540
• https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3963