16 matches found
CVE-2022-23391
CVE-2022-23391 concerns a cross-site scripting (XSS) vulnerability in Pybbs v6.0. The issue arises from the product’s search box not properly handling/sanitizing user input, allowing an attacker to inject and execute arbitrary web scripts or HTML in the victim’s browser. Documents consistently de...
CVE-2020-28702
CVE-2020-28702 describes a SQL injection in TopicMapper.xml of PybbsCMS v5.2.1, enabling attackers to access sensitive database information. The vulnerability is corroborated across multiple sources (NVD, RH, OSV, CVE lists, and PT Security) with published impact scores (CVSS 2.0/3.1: base 5.0/7....
CVE-2025-8550
CVE-2025-8550 affects atjiu pybbs up to version 6.0.0, with a cross-site scripting flaw in /admin/topic/list triggered by manipulating the Username parameter. The vulnerability is network‑based and has been publicly disclosed; PoC/exploitation materials exist (e.g., ExploitDB, PT-Security notes, ...
CVE-2025-8553
CVE-2025-8553 affects atjiu pybbs up to 6.0.0. The vulnerability is a cross-site scripting in the /admin/sensitive_word/list handler triggered by manipulating the word parameter. The issue is exploitable remotely and has been publicly disclosed. A patch is available (hash: 2fe4a51afbce0068c291bc1...
CVE-2025-8812
CVE-2025-8812 affects atjiu pybbs
CVE-2025-8548
Affects atjiu pybbs up to 6.0.0 in the Registered Email Handler: the sendEmailCode function (SettingsApiController.java) exposes information via error messages when the email argument is manipulated. The issue can be remotely triggered with high attack complexity; exploitation is publicly disclos...
CVE-2025-8554
CVE-2025-8554 affects atjiu pybbs up to version 6.0.0. The issue is a cross-site scripting vulnerability caused by manipulation of the Username argument in the file /admin/user/list. Exploitation can be remote and the patch is available as a specific fix identified by the patch hash 2fe4a51afbce0...
CVE-2025-8549
The CVE-2025-8549 entry concerns atjiu pybbs up to version 6.0.0. The vulnerable component is the update function in src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java, where manipulation leads to weak password requirements. The issue is remotely exploitable with high attack co...
CVE-2025-8814
CVE-2025-8814 affects atjiu pybbs up to version 6.0.0. The vulnerability lies in the setCookie function in src/main/java/co/yiiu/pybbs/util/CookieUtil.java, enabling cross-site request forgery. Exploitation is possible remotely, and public disclosure of the exploit is noted. The patch 8aa2bb1aef3...
CVE-2025-8813
CVE-2025-8813 affects atjiu pybbs up to 6.0.0. The vulnerability resides in the changeLanguage function of src/main/java/co/yiiu/pybbs/controller/front/IndexController.java, where manipulation of the referer argument leads to an open redirect. It can be triggered remotely and the exploit has been...
CVE-2025-8547
CVE-2025-8547 affects atjiu pybbs up to 6.0.0, impacting the Email Verification Handler. The vulnerability enables improper authorization and can be exploited remotely. Public exploit information is noted, and a patch is identified as 044f22893bee254dc2bb0d30f614913fab3c22c2. Remediation guidance...
CVE-2025-8555
CVE-2025-8555 affects atjiu pybbs up to 6.0.0, where manipulation of the keyword argument in the /search function enables cross-site scripting (XSS). The issue is exploitable remotely; public exploit information has been disclosed. The patch name provided to fix the issue is 2fe4a51afbce0068c291b...
CVE-2025-8552
CVE-2025-8552 affects atjiu pybbs up to version 6.0.0. The vulnerability resides in the /admin/tag/list handler where manipulating the Name parameter enables cross-site scripting. Exploitation can be remote, and public exploits/attacks have been disclosed. A patch/mitigation exists with identifie...
CVE-2025-8546
CVE-2025-8546 affects atjiu pybbs up to 6.0.0, specifically the Verification Code Handler’s function adminlogin/login . The issue allows a guessable captcha and can be exploited remotely; exploitation is publicly disclosed with a proof‑of‑concept. The patched fix is identified as ecaf8d46944fd03e...
CVE-2025-8551
CVE-2025-8551 affects atjiu pybbs up to 6.0.0, where manipulating the Username parameter in /admin/comment/list causes cross-site scripting. The issue can be triggered remotely, and public exploits/patch details exist. A patch is available: 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22; apply it to fix.
CVE-2025-12297
CVE-2025-12297 affects atjiu pybbs up to v6.0.0, involving an unknown function in UserApiController.java. The manipulation causes information disclosure and can be exploited remotely; the exploit is publicly available (PoC in some sources). Multiple connected sources corroborate the surface and i...