cleantalk
Vulnerabilities and Security Researches

Pondol BBS, CVE-2025-49336

CVE, Research URL

CVE-2025-49336

Home page URL

Security reports for Pondol BBS

Application

Pondol BBS

Published on
Jan 22, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4.
Affected versions
max 1.1.8.4.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
New vulnerability
User Registration Using Contact Form 7 (CVE-2025-12825) , Jan 28, 2026
WANotifier &#8211; Send Message Notifications Using Cloud API (CVE-2025-68020) , Jan 28, 2026
Syntax Highlighter Compress (CVE-2025-68859) , Jan 28, 2026
Media Library File Size (CVE-2026-24569) , Jan 28, 2026
Academy LMS – eLearning and online course solution for WordPress (CVE-2025-15521) , Jan 28, 2026