CVE-2018-18678

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-18678

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18678.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-18678

Published

2019-10-30T18:15:12.533Z

Modified

2026-04-10T04:07:18.679784Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroupformupdate.php gr_1~10 parameter.

References

Affected packages

Git / github.com/gnuboard/gnuboard5

Affected ranges

Type

GIT

Repo

https://github.com/gnuboard/gnuboard5

Events

Introduced

Fixed

25491729696ce7c9ced2462406a9caa3e56a3c2e

Fixed

a45241f4bc46aee1ab2cc0749f6444b043681edf

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.3.2.0"
        }
    ]
}

Affected versions

5.*

5.0.1

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.2

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.3

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.4

5.0.41

5.0.42

5.0.5

5.0.8

5.0.9

5.1.0

5.1.1

5.1.10

5.1.11

5.1.12

5.1.13

5.1.14

5.1.15

5.1.16

5.1.17

5.1.18

5.1.19

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.1.8

5.1.9

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.8

5.2.9

5.2.9.2

5.2.9.3

5.2.9.5

5.2.9.6

5.2.9.7

5.2.9.8

5.2.9.8.1

5.2.9.8.3

5.2.9.8.4

5.3.1

5.3.1.2

5.3.1.3

5.3.1.4

5.3.1.6

5.3.1.7

5.3.1.8

5.3.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18678.json"