216.73.217.98

CVE-2026-23880

· Published 19/01/2026 21:15 · Modified 19/01/2026 21:15

Labels: CVE-2026-23880 2026-01-19CVE-2026-23880CWE-20[email protected]

Essential information

Published
19/01/2026 21:15
Modified
19/01/2026 21:15
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CVSS metrics

Description

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin when they attempt to migrate a user's discord account in the dashboard. Commit 1d32081a66f21bcf41df1ecb672490b13f6e429f patches the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
onboardlite / onboardlite cpe:2.3:a:onboardlite:onboardlite:<1d32081a66f21bcf41df1ecb672490b13f6e429f:*:*:*:*:*:*:*

References