anonhaven
Ad

CVE-2026-4816

MEDIUM CVSS 4.0: 4.8 EPSS 0.03%
Updated Mar 26, 2026
PHP
Parameter Value
CVSS 4.8 (MEDIUM)
Affected Versions before 3.7.8
Fixed In 3.7.8
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor PHP
Public PoC No

A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Schiocco Support_Board
cpe:2.3:a:schiocco:support_board:*:*:*:*:*:wordpress:*:*
 3.7.8

References 1

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sup…
cve-coordination@incibe.es
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5546

Campcodes

5.3

CVE-2026-5543

Phpgurukul

5.3

CVE-2026-5542

Code-Projects

5.3

CVE-2026-5541

Code-Projects

5.3

CVE-2026-5540

Code-Projects

6.9