EUVD-2026-13758
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
4Description
A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Analysis
A Stored Cross-Site Scripting (XSS) vulnerability exists in atjiu pybbs 6.0.0 within the CommentApiController.java file's create function, allowing authenticated attackers to inject malicious scripts that execute in the browsers of other users viewing comments. The vulnerability requires user interaction (UI:R per CVSS vector) but carries a low CVSS score of 3.5 due to low impact scope; however, a public proof-of-concept exploit is available and the vulnerability has been disclosed, increasing real-world exploitation risk despite the low severity rating.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
During next maintenance window: Apply vendor patches when convenient. Verify cross-site scripting controls are in place.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today