Cross-site Scripting Vulnerability in Schiocco Support Board Plugin
CVE-2025-60182
7.1HIGH
What is CVE-2025-60182?
The Schiocco Support Board plugin is vulnerable to a Cross-site Scripting (XSS) attack due to improper neutralization of input during web page generation. This vulnerability allows for reflected XSS, enabling an attacker to inject malicious scripts into web pages viewed by users, potentially compromising their data and security. This issue affects versions prior to 3.8.7, highlighting the importance of updating to protect against such exploits.
Affected Version(s)
Support Board 0 <= 3.8.7
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program