CVE-2021-3831
Published 2021-12-14
CVE-2021-3831: gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Priority: P336, medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.81% (75.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnuboard | gnuboard5 | < 5.4.20 | 5.4.20 |
| gnuboard | gnuboard_gnuboard5 | >= unspecified < 5.4.20 | 5.4.20 |
CVSS provenance
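| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |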
No detection rules found.
Nuclei
Gnuboard 5 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-3831 [MEDIUM] Gnuboard 5 - Cross-Site Scripting
Gnuboard 5 contains a cross-site scripting vulnerability via the $_GET['LGD_OID'] parameter.
Template:

```yaml
id: CVE-2021-3831

info:
  name: Gnuboard 5 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    Gnuboard 5 contains a cross-site scripting vulnerability via the $_GET['LGD_OID'] parameter.
  impact: |
    Attackers can inject malicious JavaScript via XSS in the LGD_OID parameter, potentially stealing user session cookies or performing unauthorized actions.
  remediation: |
    Apply security patches or upgrade to a patched version of Gnuboard 5.
  reference:
    - https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
    - https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3831
  classifi
```
No writeups or analysis indexed.
Published: 2021-12-14