
Security Advisory

CVE-2021-26628 | MaxBoard XSS and File Upload Vulnerability
2022.04.26

□ Overview
 o MaxBoard released a security update to address XSS and file upload vulnerabilities in the MaxBoard admin page.

Vulnerability

| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| XSS and File Upload | remote code execution, privilege escalation | High | 8.8 | CVE-2021-26628 |

□ Description
 o Insufficient script validation in the admin page enables XSS, which allows unauthorized users to steal admin privileges.
 o When a file is uploaded in a specific menu, verification of the file is insufficient. This allows remote attackers to upload arbitrary files disguised as image files.
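
The file-verification weakness described above, shown from the defender's side as an added example (not MaxBoard's code; the function names, accepted image types and marker list are assumptions). It trusts neither the client's filename nor its extension: the leading bytes must match the declared image type, and the file is stored under a server-generated name.

```python
import os
import uuid

# Magic-byte signatures for the image types this handler accepts (assumed set).
SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}
EXT_ALIASES = {"jpeg": "jpg"}
# Heuristic only: markers of active content hidden behind a valid image header.
# Re-encoding the image and serving uploads from a non-executable location
# are the stronger controls; this scan is defence in depth.
SCRIPT_MARKERS = (b"<?php", b"<script")


def sniff_image_type(data):
    """Return the image type indicated by the leading bytes, or None."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def validate_image_upload(filename, data):
    """Return (accepted, detail); on success detail is the storage name."""
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    # Strict policy: exactly one extension, so "x.php.png" is refused.
    if len(parts) != 2 or not parts[0]:
        return False, "filename must have exactly one extension"
    ext = EXT_ALIASES.get(parts[1], parts[1])
    if ext not in SIGNATURES:
        return False, "extension not allowed"
    kind = sniff_image_type(data)
    if kind != ext:
        return False, "content does not match declared image type"
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return False, "embedded script marker found"
    # Never reuse the client's name: random name, extension from sniffed type.
    return True, f"{uuid.uuid4().hex}.{kind}"
```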

□ Affected Product
Affected Product

| Product | Version | Platform |
|---|---|---|
| MaxBoard | prior to 1.9.6 | Linux |

□ Solution
 o Update the software to MaxBoard version 1.9.6.1 or higher.

□ Reference
 [1] https://maxb.kr/

□ Etc
 o Thanks to Song Inbong for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team