x/vulndb: potential Go vuln in github.com/mlogclub/bbs-go: CVE-2023-36222

[GoVulnBot]

CVE-2023-36222 references github.com/mlogclub/bbs-go, which may be a Go module.

Description:
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-36222
• JSON: https://github.com/CVEProject/cvelist/tree/beae8b6baac0b47588747c2dfb222d6dcbafabfb/2023/36xxx/CVE-2023-36222.json
• web: http://bbs-go.com
• web: https://github.com/mlogclub/bbs-go
• report: bbs-go 存储式跨站脚本漏洞1 mlogclub/bbs-go#206
• Imported by: https://pkg.go.dev/github.com/mlogclub/bbs-go?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mlogclub/bbs-go
      vulnerable_at: 1.0.5
      packages:
        - package: n/a
description: |-
    Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before
    allows a remote attacker to execute arbitrary code via a crafted payload to the
    comment parameter in the article function.
cves:
    - CVE-2023-36222
references:
    - web: http://bbs-go.com
    - web: https://github.com/mlogclub/bbs-go
    - report: https://github.com/mlogclub/bbs-go/issues/206

[jba]

Binary, non-main packages seem to have no imports.

[gopherbot]

Change https://go.dev/cl/507901 mentions this issue: data/excluded: batch add 8 excluded reports

[gopherbot]

Change https://go.dev/cl/507904 mentions this issue: data/excluded: batch add 8 excluded reports

[gopherbot]

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports