CVE-2018-18670

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-18670

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18670.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-18670

Published

2019-07-23T17:15:11.153Z

Modified

2026-04-10T04:08:44.423454Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/configformupdate.php cf_1~10 parameter.

References

Affected packages

Git / github.com/gnuboard/gnuboard5

Affected ranges

Type

GIT

Repo

https://github.com/gnuboard/gnuboard5

Events

Introduced

Last affected

15b2e73e739adc899b7d9aa7030eddeca3654cfa

Fixed

a45241f4bc46aee1ab2cc0749f6444b043681edf

Fixed

25491729696ce7c9ced2462406a9caa3e56a3c2e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.1.9"
        }
    ]
}

Affected versions

5.*

5.0.1

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.2

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.3

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.4

5.0.41

5.0.42

5.0.5

5.0.8

5.0.9

5.1.0

5.1.1

5.1.10

5.1.11

5.1.12

5.1.13

5.1.14

5.1.15

5.1.16

5.1.17

5.1.18

5.1.19

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.1.8

5.1.9

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.8

5.2.9

5.2.9.2

5.2.9.3

5.2.9.5

5.2.9.6

5.2.9.7

5.2.9.8

5.2.9.8.1

5.2.9.8.3

5.2.9.8.4

5.3.1

5.3.1.2

5.3.1.3

5.3.1.4

5.3.1.6

5.3.1.7

5.3.1.8

5.3.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18670.json"