CVE-2021-26628 HIGH

CVE-2021-26628: MaxBoard XSS and File Upload Vulnerability

Vendor: No Vendor Information
Product: MaxBoard
Weakness: CWE-79 (XSS)
Published: April 26, 2022
Last update: August 3, 2024

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Insufficient script validation on the admin page enables XSS, which allows unauthorized users to steal admin privileges. In addition, when a file is uploaded in a specific menu, verification of the file is insufficient, which allows remote attackers to upload arbitrary files disguised as image files.

Key dates

02 Disclosure timeline

April 26, 2022: CVE published
August 3, 2024: Record updated