Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gnuboard
(Sir)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 30 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-23 | CVE-2018-18670 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter. | Gnuboard | 6.1 | ||
| 2019-07-23 | CVE-2018-18672 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter. | Gnuboard | 6.1 | ||
| 2019-07-23 | CVE-2018-18675 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter. | Gnuboard | 6.1 | ||
| 2019-07-23 | CVE-2018-18676 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter. | Gnuboard | 6.1 | ||
| 2019-08-26 | CVE-2018-18668 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | Gnuboard | 6.1 | ||
| 2019-10-30 | CVE-2018-18678 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter. | Gnuboard | 6.1 | ||
| 2019-11-07 | CVE-2018-18674 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. | Gnuboard | 6.1 | ||
| 2021-06-24 | CVE-2020-18661 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. | Gnuboard | 6.1 | ||
| 2021-06-24 | CVE-2020-18662 | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | Gnuboard | 9.8 | ||
| 2021-06-24 | CVE-2020-18663 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. | Gnuboard | 6.1 |