CVE-2018-0535
Description
Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PHP 2chBBS bbs18c contains an unpatched XSS vulnerability allowing arbitrary script injection via unspecified vectors.
Vulnerability
PHP 2chBBS version bbs18c, a bulletin board software distributed by Kagaminokuni, contains a cross-site scripting (XSS) vulnerability (CWE-79). The vulnerability allows an attacker to inject arbitrary web scripts or HTML via unspecified vectors [1].
Exploitation
An attacker can exploit this vulnerability by tricking a victim into accessing a crafted malicious link. The exact attack vectors are not described in the available references, but the vulnerability is reachable through the web application's handling of user-supplied input [1].
Impact
A successful exploit could allow the attacker to alter the displayed webpage content or leak cookie information from the victim's web browser [1].
Mitigation
The developer is unreachable and no patches have been released. The recommended solution is to consider stopping the use of PHP 2chBBS version bbs18c. No workarounds are provided, and the vulnerability is not listed in the KEV catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = bbs18c
- Kagaminokuni/PHP 2chBBSv5Range: version bbs18c
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- jvn.jp/en/jp/JVN48774168/index.htmlmitrethird-party-advisoryx_refsource_JVN
News mentions
0No linked articles in our index yet.