x/vulndb: potential Go vuln in github.com/mlogclub/bbs-go: CVE-2023-36223

[GoVulnBot]

CVE-2023-36223 references github.com/mlogclub/bbs-go, which may be a Go module.

Description:
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-36223
• JSON: https://github.com/CVEProject/cvelist/tree/beae8b6baac0b47588747c2dfb222d6dcbafabfb/2023/36xxx/CVE-2023-36223.json
• web: http://bbs-go.com
• web: https://github.com/mlogclub/bbs-go
• report: bbs-go 存储式跨站脚本漏洞2 mlogclub/bbs-go#208
• Imported by: https://pkg.go.dev/github.com/mlogclub/bbs-go?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mlogclub/bbs-go
      vulnerable_at: 1.0.5
      packages:
        - package: n/a
description: |-
    Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before
    allows a remote attacker to execute arbitrary code via a crafted payload to the
    announcements parameter in the settings function.
cves:
    - CVE-2023-36223
references:
    - web: http://bbs-go.com
    - web: https://github.com/mlogclub/bbs-go
    - report: https://github.com/mlogclub/bbs-go/issues/208

[jba]

See #1885.

[gopherbot]

Change https://go.dev/cl/507901 mentions this issue: data/excluded: batch add 8 excluded reports

[gopherbot]

Change https://go.dev/cl/507904 mentions this issue: data/excluded: batch add 8 excluded reports

[gopherbot]

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports