cbcvebase.

Sir Gnuboard vulnerabilities

39 known vulnerabilities affecting sir/gnuboard.

Total CVEs
39
CISA KEV
0
Public exploits
6
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH4MEDIUM32

Vulnerabilities

Page 2 of 2
CVE-2018-18672P4MEDIUMCVSS 6.1v5.3.1.92019-07-23
CVE-2018-18672 [MEDIUM] CWE-79 CVE-2018-18672: GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.
nvd
CVE-2018-18669P4MEDIUMCVSS 6.1v5.3.1.92019-07-23
CVE-2018-18669 [MEDIUM] CWE-79 CVE-2018-18669: GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.
nvd
CVE-2018-15585P4MEDIUMCVSS 6.1fixed in 5.3.1.62019-03-27
CVE-2018-15585 [MEDIUM] CWE-79 CVE-2018-15585: Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
nvd
CVE-2018-18673P4MEDIUMCVSS 6.1v5.3.1.92019-07-23
CVE-2018-18673 [MEDIUM] CWE-79 CVE-2018-18673: GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter.
nvd
CVE-2018-18668P4MEDIUMCVSS 6.1fixed in 5.3.2.02019-08-26
CVE-2018-18668 [MEDIUM] CWE-79 CVE-2018-18668: GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
nvd
CVE-2024-24157P4MEDIUMCVSS 6.1fixed in 6.0.02024-05-14
CVE-2024-24157 [MEDIUM] CWE-79 CVE-2024-24157: Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vuln Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py.
nvd
CVE-2024-37657P4MEDIUMCVSS 6.1v5.5.162025-07-07
CVE-2024-37657 [MEDIUM] CWE-601 CVE-2024-37657: An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive in An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.
nvd
CVE-2024-37658P4MEDIUMCVSS 6.1v5.5.162025-07-07
CVE-2024-37658 [MEDIUM] CWE-601 CVE-2024-37658: An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive in An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.
nvd
CVE-2018-18674P4MEDIUMCVSS 6.1v5.3.1.92019-11-07
CVE-2018-18674 [MEDIUM] CWE-79 CVE-2018-18674: GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
nvd
CVE-2018-18678P4MEDIUMCVSS 6.1fixed in 5.3.2.02019-10-30
CVE-2018-18678 [MEDIUM] CWE-79 CVE-2018-18678: GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.
nvd
CVE-2018-15582P4MEDIUMCVSS 6.1fixed in 5.3.1.62019-04-26
CVE-2018-15582 [MEDIUM] CWE-79 CVE-2018-15582: Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_b Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2018-15580P4MEDIUMCVSS 6.1fixed in 5.3.1.62019-04-26
CVE-2018-15580 [MEDIUM] CWE-79 CVE-2018-15580: Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 al Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2018-15584P4MEDIUMCVSS 6.1fixed in 5.3.1.62019-04-26
CVE-2018-15584 [MEDIUM] CWE-79 CVE-2018-15584: Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_u Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2018-15581P4MEDIUMCVSS 6.1fixed in 5.3.1.62019-04-26
CVE-2018-15581 [MEDIUM] CWE-79 CVE-2018-15581: Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2020-18663P4MEDIUMCVSS 6.1≤ 5.3.2.82021-06-24
CVE-2020-18663 [MEDIUM] CWE-79 CVE-2020-18663: Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_u Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
nvd
CVE-2024-39097P4MEDIUMCVSS 6.1fixed in 6.0.52024-08-26
CVE-2024-39097 [MEDIUM] CWE-601 CVE-2024-39097: There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in logi There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.
nvd
CVE-2020-18661P4MEDIUMCVSS 6.1≤ 5.3.2.82021-06-24
CVE-2020-18661 [MEDIUM] CWE-79 CVE-2020-18661: Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login. Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
nvd
CVE-2018-15583P4MEDIUMCVSS 6.1fixed in 5.3.1.62019-03-25
CVE-2018-15583 [MEDIUM] CWE-79 CVE-2018-15583: Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
nvd
CVE-2022-30050P4MEDIUMCVSS 6.1v5.5.5v5.5.62022-05-16
CVE-2022-30050 [MEDIUM] CWE-79 CVE-2022-30050: Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
nvd
Sir Gnuboard vulnerabilities | cvebase