Aliaksandr Hartsuyeu has discovered a vulnerability in NavBoard, which can potentially be exploited by malicious people to conduct script insertion attacks.
Successful exploitation requires that the Administrator has defined some BBcode tags that can be used in forum posts. No such tags are defined by default in version V16.
The vulnerability has been confirmed in version V16 (2.6.0) and also reported in version V17 beta2.
Solution: Do not allow the use of BBcode tags or edit the source code to ensure that input is properly sanitised.
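One way to approach the second option, as an added example in PHP. It is not NavBoard's code; the tag table, the `{arg}`/`{content}` placeholders and the function names are hypothetical. The post is HTML-escaped before any administrator-defined tag template is applied, and each tag argument must pass an allowlist.

```php
<?php
// Hypothetical admin-defined tags (constructed; not NavBoard's storage format).
// Templates must place {content} only in element content and {arg} only
// inside a double-quoted attribute. 'arg' is an allowlist regex or null.
const TAGS = [
    'b'     => ['html' => '<strong>{content}</strong>', 'arg' => null],
    'url'   => ['html' => '<a href="{arg}" rel="nofollow">{content}</a>',
                'arg'  => '#^https?://[^\s]+$#i'],
    'color' => ['html' => '<span style="color:{arg}">{content}</span>',
                'arg'  => '/^(#[0-9a-f]{3,6}|[a-z]{1,20})$/i'],
];

function expand_tags(string $safe): string
{
    $out = preg_replace_callback(
        '#\[([a-z]+)(?:=([^\]\s]*))?\](.*?)\[/\1\]#is',
        function (array $m): string {
            $tag = TAGS[strtolower($m[1])] ?? null;
            $arg = $m[2];
            // Unknown tag, unexpected argument, or argument failing its
            // allowlist: leave the (already escaped) text untouched.
            if ($tag === null
                || ($tag['arg'] === null && $arg !== '')
                || ($tag['arg'] !== null && !preg_match($tag['arg'], $arg))) {
                return $m[0];
            }
            // strtr() does not rescan inserted text, so user content that
            // contains "{arg}" is not substituted a second time.
            return strtr($tag['html'], [
                '{arg}'     => $arg,
                '{content}' => expand_tags($m[3]), // nested tags
            ]);
        },
        $safe
    );
    return $out ?? $safe; // on a PCRE error, fall back to the escaped text
}

function render_post(string $post): string
{
    // Escape first, so all user input is inert HTML before templates apply.
    $safe = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return expand_tags($safe);
}

// Constructed sample post: markup in the body and a non-http(s) URL argument.
echo render_post('[b]hi <script>x</script>[/b] [url=javascript:alert(1)]a[/url] '
    . '[url=https://example.org/?a=1&b=2]ok[/url]'), "\n";
```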