Lucene search
K
Pybbs ProjectPybbs

16 matches found

CVE
CVE
added 2022/02/14 8:48 p.m.92 views

CVE-2022-23391

CVE-2022-23391 concerns a cross-site scripting (XSS) vulnerability in Pybbs v6.0. The issue arises from the product’s search box not properly handling/sanitizing user input, allowing an attacker to inject and execute arbitrary web scripts or HTML in the victim’s browser. Documents consistently de...

6.1CVSS5.8AI score0.00621EPSS
CVE
CVE
added 2021/11/01 1:30 p.m.44 views

CVE-2020-28702

CVE-2020-28702 describes a SQL injection in TopicMapper.xml of PybbsCMS v5.2.1, enabling attackers to access sensitive database information. The vulnerability is corroborated across multiple sources (NVD, RH, OSV, CVE lists, and PT Security) with published impact scores (CVSS 2.0/3.1: base 5.0/7....

7.5CVSS7.7AI score0.01059EPSS
CVE
CVE
added 2025/08/05 7:2 a.m.32 views

CVE-2025-8550

CVE-2025-8550 affects atjiu pybbs up to version 6.0.0, with a cross-site scripting flaw in /admin/topic/list triggered by manipulating the Username parameter. The vulnerability is network‑based and has been publicly disclosed; PoC/exploitation materials exist (e.g., ExploitDB, PT-Security notes, ...

5.4CVSS3.4AI score0.00625EPSS
Web
CVE
CVE
added 2025/08/05 8:32 a.m.29 views

CVE-2025-8553

CVE-2025-8553 affects atjiu pybbs up to 6.0.0. The vulnerability is a cross-site scripting in the /admin/sensitive_word/list handler triggered by manipulating the word parameter. The issue is exploitable remotely and has been publicly disclosed. A patch is available (hash: 2fe4a51afbce0068c291bc1...

5.4CVSS6.6AI score0.00255EPSS
Web
CVE
CVE
added 2025/08/10 2:2 p.m.28 views

CVE-2025-8812

CVE-2025-8812 affects atjiu pybbs

5.4CVSS6.4AI score0.00299EPSS
CVE
CVE
added 2025/08/05 6:2 a.m.27 views

CVE-2025-8548

Affects atjiu pybbs up to 6.0.0 in the Registered Email Handler: the sendEmailCode function (SettingsApiController.java) exposes information via error messages when the email argument is manipulated. The issue can be remotely triggered with high attack complexity; exploitation is publicly disclos...

6.3CVSS4.2AI score0.00472EPSS
CVE
CVE
added 2025/08/05 9:2 a.m.27 views

CVE-2025-8554

CVE-2025-8554 affects atjiu pybbs up to version 6.0.0. The issue is a cross-site scripting vulnerability caused by manipulation of the Username argument in the file /admin/user/list. Exploitation can be remote and the patch is available as a specific fix identified by the patch hash 2fe4a51afbce0...

5.4CVSS6.5AI score0.00255EPSS
Web
CVE
CVE
added 2025/08/05 6:32 a.m.26 views

CVE-2025-8549

The CVE-2025-8549 entry concerns atjiu pybbs up to version 6.0.0. The vulnerable component is the update function in src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java, where manipulation leads to weak password requirements. The issue is remotely exploitable with high attack co...

6.3CVSS4.4AI score0.00432EPSS
CVE
CVE
added 2025/08/10 3:2 p.m.25 views

CVE-2025-8814

CVE-2025-8814 affects atjiu pybbs up to version 6.0.0. The vulnerability lies in the setCookie function in src/main/java/co/yiiu/pybbs/util/CookieUtil.java, enabling cross-site request forgery. Exploitation is possible remotely, and public disclosure of the exploit is noted. The patch 8aa2bb1aef3...

5.3CVSS7.1AI score0.00317EPSS
CVE
CVE
added 2025/08/10 2:32 p.m.24 views

CVE-2025-8813

CVE-2025-8813 affects atjiu pybbs up to 6.0.0. The vulnerability resides in the changeLanguage function of src/main/java/co/yiiu/pybbs/controller/front/IndexController.java, where manipulation of the referer argument leads to an open redirect. It can be triggered remotely and the exploit has been...

6.1CVSS7.1AI score0.00274EPSS
CVE
CVE
added 2025/08/05 5:32 a.m.23 views

CVE-2025-8547

CVE-2025-8547 affects atjiu pybbs up to 6.0.0, impacting the Email Verification Handler. The vulnerability enables improper authorization and can be exploited remotely. Public exploit information is noted, and a patch is identified as 044f22893bee254dc2bb0d30f614913fab3c22c2. Remediation guidance...

6.9CVSS5.5AI score0.00395EPSS
CVE
CVE
added 2025/08/05 9:32 a.m.23 views

CVE-2025-8555

CVE-2025-8555 affects atjiu pybbs up to 6.0.0, where manipulation of the keyword argument in the /search function enables cross-site scripting (XSS). The issue is exploitable remotely; public exploit information has been disclosed. The patch name provided to fix the issue is 2fe4a51afbce0068c291b...

5.4CVSS4.1AI score0.00304EPSS
CVE
CVE
added 2025/08/05 8:2 a.m.22 views

CVE-2025-8552

CVE-2025-8552 affects atjiu pybbs up to version 6.0.0. The vulnerability resides in the /admin/tag/list handler where manipulating the Name parameter enables cross-site scripting. Exploitation can be remote, and public exploits/attacks have been disclosed. A patch/mitigation exists with identifie...

5.4CVSS6.4AI score0.00255EPSS
Web
CVE
CVE
added 2025/08/05 5:2 a.m.20 views

CVE-2025-8546

CVE-2025-8546 affects atjiu pybbs up to 6.0.0, specifically the Verification Code Handler’s function adminlogin/login . The issue allows a guessable captcha and can be exploited remotely; exploitation is publicly disclosed with a proof‑of‑concept. The patched fix is identified as ecaf8d46944fd03e...

6.9CVSS5.5AI score0.00454EPSS
Web
CVE
CVE
added 2025/08/05 7:32 a.m.18 views

CVE-2025-8551

CVE-2025-8551 affects atjiu pybbs up to 6.0.0, where manipulating the Username parameter in /admin/comment/list causes cross-site scripting. The issue can be triggered remotely, and public exploits/patch details exist. A patch is available: 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22; apply it to fix.

5.4CVSS3.8AI score0.00251EPSS
Web
CVE
CVE
added 2025/10/27 4:32 p.m.12 views

CVE-2025-12297

CVE-2025-12297 affects atjiu pybbs up to v6.0.0, involving an unknown function in UserApiController.java. The manipulation causes information disclosure and can be exploited remotely; the exploit is publicly available (PoC in some sources). Multiple connected sources corroborate the surface and i...

5.3CVSS4.7AI score0.00327EPSS