VULHUB ™

MercuryBoard is reportedly affected by a HTML injection vulnerability. This issue is a result of the application failing to properly sanitize user-supplied input used in dynamically generated content. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. This issue is reported to affect MercuryBoard 1.1.2; earlier versions may also be affected.

MercuryBoard is reportedly affected by a HTML injection vulnerability. This issue is a result of the application failing to properly sanitize user-supplied input used in dynamically generated content. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. This issue is reported to affect MercuryBoard 1.1.2; earlier versions may also be affected.