Woltlab Burning Board Attachment.php HTML Injection Vulnerability

Woltlab Burning Board Attachment.php HTML Injection Vulnerability

Woltlab Burning Board is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker can exploit this issue to execute arbitrary HTML and script code in the context of the affected application, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Version 2.3.5 is vulnerable to this issue; other versions may also be affected.