
Stored XSS vulnerability #645

@NinjaGPT


Gnuboard6 Stored XSS

Vulnerability: Stored XSS (CWE-79)

Severity: High

Summary:

This stored XSS vulnerability was discovered in the latest version of GnuBoard6. When registered users bookmark and reply to any post on the message board, the user input is not properly sanitized, and the reply content is not encoded when it is displayed. This allows an attacker to inject arbitrary JavaScript code targeting all users who can access the post. An attacker can exploit this vulnerability to steal user cookies, launch phishing attacks, and carry out other malicious activities.

Details:

Taint source: /bbs/scrap_popin_update/qa/{post_id}

Taint sink: /board/qa/{post_id}

POC:

1. Register an account and log in.

2. Open http://127.0.0.1:8000/board/qa

3. Write a post at http://127.0.0.1:8000/board/write/qa with any title and content.

4. Open the latest post, http://127.0.0.1:8000/board/qa/1, and click the "Save" button.

5. Enter the following XSS payload and save it:

</textarea><img src=1 onerror=alert(/XSS/)>

6. The XSS payload is executed when the page is opened again.
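The following is an added example written for this page; it is not code from the gnuboard6 project or from the reporter. It models the sink described above with a stand-in template (the form field name `memo` and the template markup are assumptions, not the project's real template) and shows why the payload works: the leading </textarea> closes the text box, so the <img onerror=...> that follows is parsed as live markup. The same template with the saved value HTML-escaped before it is placed in the textarea keeps the payload as inert text, which is what Jinja2 autoescaping does when it is not bypassed with the safe filter.

```python
"""Why '</textarea><img src=1 onerror=alert(/XSS/)>' breaks out of a textarea.

Added illustration, not gnuboard6 code. The templates below are
hypothetical stand-ins for the vulnerable sink and its hardened form.
"""
import html
from html.parser import HTMLParser

# The payload from the report (constructed input for this example).
PAYLOAD = '</textarea><img src=1 onerror=alert(/XSS/)>'


def render_memo_vulnerable(memo: str) -> str:
    """Hypothetical template that echoes the stored memo verbatim into the
    textarea, i.e. the unencoded sink the report describes."""
    return f'<form><textarea name="memo">{memo}</textarea></form>'


def render_memo_fixed(memo: str) -> str:
    """Same template, but the memo is HTML-escaped first. This is the
    behaviour of Jinja2 autoescape when the value is not marked |safe."""
    return f'<form><textarea name="memo">{html.escape(memo, quote=True)}</textarea></form>'


class TextareaAudit(HTMLParser):
    """Collects (a) tags outside the textarea that carry on* event-handler
    attributes, which a browser would execute, and (b) the text the user
    would actually see inside the textarea."""

    def __init__(self) -> None:
        super().__init__()
        self.in_textarea = False
        self.handlers: list[tuple[str, str, str]] = []
        self.textarea_text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == 'textarea':
            self.in_textarea = True
            return
        if self.in_textarea:
            return
        for name, value in attrs:
            # Any on* attribute (onerror, onload, ...) is script execution.
            if name.lower().startswith('on'):
                self.handlers.append((tag, name, value or ''))

    def handle_endtag(self, tag):
        if tag == 'textarea':
            self.in_textarea = False

    def handle_data(self, data):
        if self.in_textarea:
            # HTMLParser decodes &lt; &gt; &amp; for us (convert_charrefs=True).
            self.textarea_text.append(data)


def audit(document: str) -> TextareaAudit:
    p = TextareaAudit()
    p.feed(document)
    p.close()
    return p


def active_handlers(document: str) -> list[tuple[str, str, str]]:
    """Event handlers that would run if a browser rendered `document`."""
    return audit(document).handlers


def textarea_value(document: str) -> str:
    """Text a user would see inside the textarea (decoded, as a browser does)."""
    return ''.join(audit(document).textarea_text)


if __name__ == '__main__':
    vuln = render_memo_vulnerable(PAYLOAD)
    fixed = render_memo_fixed(PAYLOAD)
    print('vulnerable handlers:', active_handlers(vuln))   # img/onerror survives
    print('fixed handlers     :', active_handlers(fixed))  # nothing executable
    print('fixed textarea text:', textarea_value(fixed))   # payload shown as text
```

The check that matters in a fix is the second one: after escaping, the document contains no element with an event-handler attribute, yet the textarea still shows the user exactly what they typed (including the literal </textarea>), so escaping costs nothing functionally. Note that escaping only `<` is not enough inside a textarea either; `&` must be encoded too, or a saved `&lt;` would be decoded by the browser and then re-submitted as `<` on the next save.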
