Gnuboard Security Vulnerabilities and Issues — Gnuboard CVE List

Lucene search

SirGnuboard

24 matches found

CVE•added 2019/08/26 9:15 p.m.•170 views

CVE-2018-18668

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.

6.1CVSS5.9AI score0.0027EPSS

CVE•added 2022/05/16 5:15 p.m.•66 views

CVE-2022-30050

Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.

6.1CVSS6AI score0.00228EPSS

CVE•added 2014/03/19 2:17 p.m.•65 views

CVE-2014-2339

Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.

6.5CVSS8.4AI score0.00178EPSS

CVE•added 2019/04/26 8:29 p.m.•41 views

CVE-2018-15584

Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.00238EPSS

CVE•added 2009/01/27 7:30 p.m.•37 views

CVE-2009-0290

Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathna...

6.8CVSS8.1AI score0.02615EPSS

CVE•added 2019/04/26 8:29 p.m.•37 views

CVE-2018-15581

Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.00223EPSS

CVE•added 2019/07/23 5:15 p.m.•36 views

CVE-2018-18676

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2019/07/23 3:15 p.m.•35 views

CVE-2018-18669

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2019/03/27 8:29 p.m.•34 views

CVE-2018-15585

Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2019/07/23 5:15 p.m.•33 views

CVE-2018-18675

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2021/06/24 3:15 p.m.•33 views

CVE-2020-18661

Cross Site Scripting (XSS) vulnerability in gnuboard5

6.1CVSS5.9AI score0.00307EPSS

CVE•added 2021/06/24 4:15 p.m.•32 views

CVE-2020-18663

Cross Site Scripting (XSS) vulnerability in gnuboard5

6.1CVSS6AI score0.00275EPSS

CVE•added 2019/04/26 8:29 p.m.•31 views

CVE-2018-15582

Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.00238EPSS

CVE•added 2019/07/23 4:15 p.m.•30 views

CVE-2018-18671

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2019/07/23 4:15 p.m.•30 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2019/10/30 6:15 p.m.•30 views

CVE-2018-18678

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.

6.1CVSS5.9AI score0.00664EPSS

CVE•added 2019/04/26 8:29 p.m.•29 views

CVE-2018-15580

Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.00223EPSS

CVE•added 2019/03/25 9:29 p.m.•29 views

CVE-2018-15583

Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.

6.1CVSS5.9AI score0.00304EPSS

CVE•added 2019/11/07 9:15 p.m.•29 views

CVE-2018-18674

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.

6.1CVSS5.9AI score0.00664EPSS

CVE•added 2019/07/23 5:15 p.m.•28 views

CVE-2018-18672

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2019/07/23 5:15 p.m.•27 views

CVE-2018-18670

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter.

6.1CVSS5.9AI score0.0037EPSS

CVE•added 2025/07/07 6:15 p.m.•7 views

CVE-2024-37656

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.

6.1CVSS6.6AI score0.00035EPSS

CVE•added 2025/07/07 6:15 p.m.•7 views

CVE-2024-37658

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.

6.1CVSS6.6AI score0.00035EPSS

CVE•added 2025/07/07 6:15 p.m.•6 views

CVE-2024-37657

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.

6.1CVSS6.6AI score0.00035EPSS