Xiunobbs Security Vulnerabilities and Issues — Xiunobbs CVE List

Lucene search

XiunoXiunobbs

7 matches found

CVE•added 2019/12/26 4:15 a.m.•43 views

CVE-2019-19998

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.

7.5CVSS7.5AI score0.0036EPSS

CVE•added 2021/10/04 9:15 p.m.•35 views

CVE-2020-21493

An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.

5.3CVSS5.2AI score0.00194EPSS

CVE•added 2021/10/04 9:15 p.m.•35 views

CVE-2020-21495

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.

6.1CVSS5.9AI score0.00223EPSS

CVE•added 2021/10/04 9:15 p.m.•34 views

CVE-2020-21496

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.

6.1CVSS5.9AI score0.00223EPSS

CVE•added 2018/08/20 12:29 a.m.•32 views

CVE-2018-15559

The editor in Xiuno BBS 4.0.4 allows stored XSS.

6.1CVSS6.2AI score0.00301EPSS

CVE•added 2022/09/07 10:15 p.m.•32 views

CVE-2020-19914

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.

6.1CVSS6.2AI score0.00085EPSS

CVE•added 2021/10/04 9:15 p.m.•31 views

CVE-2020-21494

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.

6.1CVSS5.9AI score0.00305EPSS