Lucene search

Xiunobbs Security Vulnerabilities

cve

CVE-2018-15559

The editor in Xiuno BBS 4.0.4 allows stored XSS.

6.1CVSS

6.2AI Score

0.001EPSS

2018-08-20 12:29 AM

cve

CVE-2019-19998

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.

7.5CVSS

7.5AI Score

0.004EPSS

2019-12-26 04:15 AM

cve

CVE-2020-19914

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.

6.1CVSS

6.2AI Score

0.001EPSS

2022-09-07 10:15 PM

cve

CVE-2020-21493

An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.

5.3CVSS

5.2AI Score

0.001EPSS

2021-10-04 09:15 PM

cve

CVE-2020-21494

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.

6.1CVSS

5.9AI Score

0.001EPSS

2021-10-04 09:15 PM

cve

CVE-2020-21495

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2021-10-04 09:15 PM

cve

CVE-2020-21496

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2021-10-04 09:15 PM