o MaxBoard released security update to address XSS and File Upload vulnerability in admin page of MaxBoard.
|XSS and File Upload
||remote code execution,
o Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges.
o When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files
disguising them as image files.
□ Affected Product
||prior of 1.9.6
o Update software over MaxBoard 18.104.22.168 version or higher.
o Thanks to Song Inbong for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀