CVE-2026-4816Cross-site Scripting in Support Board

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 91.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schiocco Support Board
Timeline
PublishedMar 25

Description

A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

CVEListV5schiocco/support_board3.7.7

🔴Vulnerability Details

2
GHSA
GHSA-r9fv-65q7-7m5c: A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v32026-03-25
CVEList
Reflected Cross Site Scripting (XSS) vulnerability in Support Board2026-03-25
CVE-2026-4816 — Cross-site Scripting in Support Board | cvebase