Cross-Site Scripting in XMB Forum Software
CVE-2021-29399

6.1MEDIUM

Key Information:

Vendor

Xmbforum2

Status
Xmb
Vendor
CVE Published:
19 April 2021

What is CVE-2021-29399?

XMB Forum Software has a vulnerability that exposes it to cross-site scripting (XSS) attacks due to insufficient filtering of BBCode input. This security flaw impacts all versions of XMB, allowing attackers to inject malicious scripts that can execute in the context of an unsuspecting user's web browser. To protect your installations, it is crucial to update to versions 1.9.12.03 or 1.9.11.16 as soon as possible.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.xmbforum2.com/
x_refsource_MISC
https://docs.xmbforum2.com/index.php?title=Security_Issue...
x_refsource_MISC
https://forums.xmbforum2.com/viewthread.php?tid=777105
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.