186 matches found
CVE-2021-4293
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menulistupdate.php. The manipulation of the argument melink leads to cross site scripting. It is possible to launch the attack...
CVE-2021-4293 gnuboard youngcart5 menu_list_update.php cross site scripting
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menulistupdate.php. The manipulation of the argument melink leads to cross site scripting. It is possible to launch the attack...
CVE-2021-4293
The CVE-2021-4293 entry affects gnuboard youngcart5 up to version 5.4.5.1, where the argument me_link in the file adm/menu_list_update.php can be manipulated to trigger cross-site scripting. The issue could be exploited remotely. Remediation is to upgrade to version 5.4.5.2. The patch is identifi...
PT-2022-11744 · Unknown · Gnuboard Youngcart5
Name of the Vulnerable Software and Affected Versions: gnuboard youngcart5 versions up to 5.4.5.1 Description: A vulnerability has been found in gnuboard youngcart5, where the manipulation of the argument me link in the file adm/menu list update.php leads to cross site scripting. This issue can b...
GNUBOARD5 跨站脚本漏洞
GNUBOARD5 is a web forum system based on PHP and MySQL. A security vulnerability exists in GNUBOARD5 that originates from an unknown function in the file bbs/faq.php of the FAQ Key ID Handler component, which can be exploited by an attacker to cause cross-site scripting XSS via manipulation of th...
PT-2022-24983 · Gnuboard5 · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.5.8.2.1 Description: A problem was found in the FAQ Key ID Handler component, specifically in the file bbs/faq.php. The issue arises from the manipulation of the fm id argument, leading to cross-site scripting...
cross site scripting - reflected
The reflected XSS vulnerability occurs to a flaw in the cleanxsstags function called in new.php of Gnuboard 5. 1. Open the https://sir.kr/bbs/new.php?darkmode=%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3E 2. payload executing...
CVE-2022-30050
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting XSS via bbs/memberconfirm.php...
CVE-2022-30050
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting XSS via bbs/memberconfirm.php...
Cross site scripting
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting XSS via bbs/memberconfirm.php...
CVE-2022-30050
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting XSS via bbs/memberconfirm.php...
CVE-2022-30050
CVE-2022-30050 affects Gnuboard versions 5.55 and 5.56, with a Cross-Site Scripting (XSS) flaw in the file path bbs/member_confirm.php . The root cause is insufficient validation/output handling of user-supplied data, enabling script execution on the client side. Reported by multiple sources (CNV...
CVE-2022-30050
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting XSS via bbs/memberconfirm.php...
GNUBOARD5 跨站脚本漏洞
GNUBOARD5 is a PHP and MySQL-based Web forum system. GNUBOARD5 versions 5.55 and 5.56 are vulnerable to a cross-site scripting vulnerability, which originates in bbs/memberconfirm.php and lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerabilit...
PT-2022-19987 · Gnuboard · Gnuboard
Name of the Vulnerable Software and Affected Versions: Gnuboard versions 5.55 through 5.56 Description: The issue is related to Cross Site Scripting XSS via the bbs/member confirm.php endpoint. This allows for potential malicious script injection. Recommendations: For versions 5.55 and 5.56,...
CVE-2022-1252
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any...
CVE-2022-1252
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any...
CVE-2022-1252 Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any...
CVE-2022-1252
CVE-2022-1252 concerns gnuboard/gnuboard5 (versions up to and including 5.5.5). The vulnerability stems from the use of a broken or risky cryptographic algorithm, allowing an attacker to derive a user’s email address and potentially send emails to arbitrary addresses with full content control. Ro...