MidnightBSD

Advisories for bbs-go

CVE-2023-36222

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.

Products Affected

Vendor Product Version
bbs-go bbs-go *
CVE-2023-36223

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.

Products Affected

Vendor Product Version
bbs-go bbs-go *