CVE-2026-4816 MEDIUM

CVE-2026-4816: Reflected Cross Site Scripting (XSS) vulnerability in Support Board

Vendor Schiocco

Product Support Board

Weakness CWE-79 · XSS

Published March 25, 2026

Last update March 25, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Key dates

02Disclosure timeline

March 25, 2026 CVE published

March 25, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4816 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-35649 WordPress Save as PDF Plugin by Pdfcrowd plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-8324 XO Slider <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-41876 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client CVE-2021-24365 Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field