CVE-2018-6506

Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
minibbminibb
3.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://offensivehacking.wordpress.com/2018/02/07/minibb-forums-v3-2-2-stored-xss/
https://offensivehacking.wordpress.com/2018/02/07/minibb-forums-v3-2-2-stored-xss/