CVE-2026-37503 | V2Board up to 1.7.4 saveThemeConfig API dashboard.blade.php custom_html cross site scripting

A vulnerability identified as problematic has been detected in V2Board up to 1.7.4. Affected is an unknown function of the file public/theme/v2board/dashboard.blade.php of the component saveThemeConfig API. This manipulation of the argument custom_html causes cross site scripting.

This vulnerability appears as CVE-2026-37503. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More