624 matches found
EUVD-2020-31223
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2020-37222
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2020-37222
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
Kuicms Php EE 跨站脚本漏洞
Kuicms Php EE is a PHP enterprise website content management system developed by Kuicms. Version 2.0 of Kuicms Php EE contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which may allow unauthenticated attackers to submit malicious...
CVE-2025-49336
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through = 1.1.8.4...
CVE-2025-49336
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through = 1.1.8.4...
CVE-2025-49336
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through = 1.1.8.4...
CVE-2025-49336 WordPress Pondol BBS plugin <= 1.1.8.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through = 1.1.8.4...
CVE-2025-49336 WordPress Pondol BBS plugin <= 1.1.8.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through = 1.1.8.4...
CVE-2025-49336
CVE-2025-49336 affects the WordPress Pondol BBS plugin (pondol-bbs) up to and including version 1.1.8.4. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input handling during web page generation. The security ratings indicate a medium severity (CVSS 3.1: 5.4) wit...
PT-2026-3975
Name of the Vulnerable Software and Affected Versions pondol Pondol BBS versions through 1.1.8.4 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can be...
CVE-2022-27496
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...
PT-2025-43536
Name of the Vulnerable Software and Affected Versions gnuboard versions prior to 4.36.05 Description gnuboard4 is susceptible to a Second-order SQL Injection issue through the search table parameter within the bbs/search.php file. This allows for potential unauthorized database access or...
gnuboard4 安全漏洞
gnuboard4 is a content management system from kagla open source. A security vulnerability exists in gnuboard4 v4.36.04 and earlier versions, which stems from a second-order SQL injection vulnerability in searchtable in bbs/search.php...
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...
CVE-2025-61464
CVE-2025-61464 affects gnuboard4 v4.36.04 and earlier. The root cause is a Second-order SQL Injection via the search_table in bbs/search.php. Documented impacts include possible unauthorized database access or modification. Remediation recommended in multiple sources is to upgrade to gnuboard ver...