CVE-2026-37503
- EPSS 0.19%
- Published 01.05.2026 00:00:00
- Last modified 11.05.2026 19:22:57
Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API....
CVE-2026-37504
- EPSS 0.29%
- Published 01.05.2026 00:00:00
- Last modified 11.05.2026 19:25:20
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/serve...
CVE-2026-37505
- EPSS 0.24%
- Published 01.05.2026 00:00:00
- Last modified 11.05.2026 19:26:38
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort us...
CVE-2026-39912
- EPSS 0.58%
- Published 09.04.2026 19:16:25
- Last modified 15.04.2026 15:00:32
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMai...