Vulnerabilites related to sir - gnuboard
Vulnerability from fkie_nvd
Published
2019-07-23 16:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board head contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 tiene Cross-Site Scripting (XSS) que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"mobile board head contents\", tambi\u00e9n conocido como el par\u00e1metro adm/board_form_update.php bo_mobile_content_head"
}
],
"id": "CVE-2018-18671",
"lastModified": "2024-11-21T03:56:21.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T16:15:10.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-07 21:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board tail contents\" parameter, aka the adm/board_form_update.php bo_content_tail parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9, presenta una vulnerabilidad de tipo XSS que permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro \"board tail contents\", tambi\u00e9n se conoce como el par\u00e1metro bo_content_tail del archivo adm/board_form_update.php."
}
],
"id": "CVE-2018-18674",
"lastModified": "2024-11-21T03:56:21.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-07T21:15:10.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-27 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CCF19-0D80-4A90-95CC-293B3AB938DB",
"versionEndExcluding": "5.3.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en newwinform.php en GNUBOARD5, en versiones anteriores a la 5.3.1.6, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro popup title."
}
],
"id": "CVE-2018-15585",
"lastModified": "2024-11-21T03:51:07.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-27T20:29:03.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 17:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board head contents\" parameter, aka the adm/board_form_update.php bo_content_head parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 tiene Cross-Site Scripting (XSS) que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"board head contents\", tambi\u00e9n se conoce como el par\u00e1metro adm/board_form_update.php bo_content_head."
}
],
"id": "CVE-2018-18672",
"lastModified": "2024-11-21T03:56:21.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T17:15:11.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CCF19-0D80-4A90-95CC-293B3AB938DB",
"versionEndExcluding": "5.3.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en adm/faqmasterformupdate.php en gnuboard5, versiones anteriores a la 5.3.1.6, permite que los atacantes remotos inyecten scripts web o HTLM arbitrarios."
}
],
"id": "CVE-2018-15581",
"lastModified": "2024-11-21T03:51:06.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-26T20:29:00.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-24 15:15
Modified
2024-11-21 05:08
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp | Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/issues/43 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.seebug.org/vuldb/ssvid-97925 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/issues/43 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seebug.org/vuldb/ssvid-97925 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48830A72-A234-440B-832F-81BFBBD9ABC3",
"versionEndIncluding": "5.3.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in gnuboard5 \u003c=v5.3.2.8 via the url parameter to bbs/login.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en gnuboard5 versiones anteriores a v5.3.2.8 incluy\u00e9ndola, por medio del par\u00e1metro url del archivo bbs/login.php"
}
],
"id": "CVE-2020-18661",
"lastModified": "2024-11-21T05:08:40.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-24T15:15:08.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-97925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-97925"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "08E70D59-49EB-4A2B-80CA-0BD651050DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBA9CFF-F981-4603-9899-AF33D9A06E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "F384348F-4D25-4554-96FD-DAD9F114D6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "E64226B8-DC52-495E-BBB7-D87E957959CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8ABCF-ECEE-4D8E-8C21-D3E3FBA3A8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE17003-86D7-4DBF-8505-DA1C0A577379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "008FCD6F-3031-4FB7-AE33-EF570143C52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "458802ED-A3D7-433C-AE78-135384BEC79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "FD69FD0C-DCED-4CF7-8D60-5E74BA019C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "83D1664D-CE27-4AFA-8A91-13F7519ABDCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code."
}
],
"id": "CVE-2004-1403",
"lastModified": "2024-11-20T23:50:48.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110313585810712\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13479/"
},
{
"source": "cve@mitre.org",
"url": "http://sir.co.kr/?doc=bbs/gnuboard.php\u0026bo_table=pds\u0026page=1\u0026wr_id=1871"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11948"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110313585810712\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13479/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sir.co.kr/?doc=bbs/gnuboard.php\u0026bo_table=pds\u0026page=1\u0026wr_id=1871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18494"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-24 16:15
Modified
2024-11-21 05:08
Severity ?
Summary
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp | Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/issues/43 | Exploit, Technical Description | |
| cve@mitre.org | https://www.seebug.org/vuldb/ssvid-97927 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/issues/43 | Exploit, Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seebug.org/vuldb/ssvid-97927 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48830A72-A234-440B-832F-81BFBBD9ABC3",
"versionEndIncluding": "5.3.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in gnuboard5 \u003c=v5.3.2.8 via the table_prefix parameter in install_db.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en gnuboard5 versiones anteriores a v5.3.2.8 incluy\u00e9ndola, por medio del par\u00e1metro table_prefix en el archivo install_db.php"
}
],
"id": "CVE-2020-18662",
"lastModified": "2024-11-21T05:08:41.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-24T16:15:08.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-97927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-97927"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 15:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 presenta un vulnerabilidad de tipo XSS que permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro \"board title contents\", tambi\u00e9n conocido como el par\u00e1metro bo_subject del archivo adm/board_form_update.php."
}
],
"id": "CVE-2018-18669",
"lastModified": "2024-11-21T03:56:20.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T15:15:10.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 17:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Extra Contents\" parameter, aka the adm/config_form_update.php cf_1~10 parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 tiene Cross-Site Scripting (XSS) que permite que los atacantes remotos inyecten scripts web o HTLM arbitrarios mediante el par\u00e1metro \"Extra Contents\", tambi\u00e9n conocido como el par\u00e1metro adm/config_form_update.php cf_1~10"
}
],
"id": "CVE-2018-18670",
"lastModified": "2024-11-21T03:56:21.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T17:15:11.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-27 19:30
Modified
2024-11-21 00:59
Severity ?
Summary
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.31.03:*:*:*:*:*:*:*",
"matchCriteriaId": "35CB85DC-978C-430A-8BD7-4E770E177853",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en common.php en SIR GNUBoard v4.31.03, permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n a trav\u00e9s de ..(punto punto) en el par\u00e1metro g4_path. NOTA: en algunos entorno, esto puede ser aprovechado para ejecutar c\u00f3digo remotamente a trav\u00e9s de datos como una URI o un UNC con nombre de ruta compartido (share pathname)."
}
],
"id": "CVE-2009-0290",
"lastModified": "2024-11-21T00:59:33.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-27T19:30:02.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33564"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/33304"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48015"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/33304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7792"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-30 18:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF09571B-B906-41A9-BB81-EBC68AD87F66",
"versionEndExcluding": "5.3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board group extra contents\" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versiones anteriores a la veris\u00f3n 5.3.2.0, tiene una vulnerabilidad de tipo XSS que permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro \"board group extra contents\", tambi\u00e9n se conoce como el par\u00e1metro gr_1 ~ 10 del archivo adm/boardgroup_form_update.php."
}
],
"id": "CVE-2018-18678",
"lastModified": "2024-11-21T03:56:22.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T18:15:12.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CCF19-0D80-4A90-95CC-293B3AB938DB",
"versionEndExcluding": "5.3.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en adm/boardgroup_form_update.php y adm/boardgroup_list_update.php en gnuboard5, versiones anteriores a la 5.3.1.6, permite que los atacantes remotos inyecten scripts web o HTLM arbitrarios."
}
],
"id": "CVE-2018-15584",
"lastModified": "2024-11-21T03:51:06.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-26T20:29:00.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-26 21:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF09571B-B906-41A9-BB81-EBC68AD87F66",
"versionEndExcluding": "5.3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"homepage title\" parameter, aka the adm/config_form_update.php cf_title parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versiones anteriores a la 5.3.2.0 tiene XSS que permite a los atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s del par\u00e1metro \"t\u00edtulo de la p\u00e1gina de inicio\", tambi\u00e9n conocido como el par\u00e1metro adm / config_form_update.php cf_title."
}
],
"id": "CVE-2018-18668",
"lastModified": "2024-11-21T03:56:20.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-26T21:15:10.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CCF19-0D80-4A90-95CC-293B3AB938DB",
"versionEndExcluding": "5.3.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en adm/sms_admin/num_book_write.php y adm/sms_admin/num_book_update.php en gnuboard5, versiones anteriores a la 5.3.1.6, permite que los atacantes remotos inyecten scripts web o HTLM arbitrarios."
}
],
"id": "CVE-2018-15582",
"lastModified": "2024-11-21T03:51:06.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-26T20:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:31
Severity ?
Summary
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3898D9-2F65-4132-8B28-4ECCECB4F5F1",
"versionEndIncluding": "4.33.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "08E70D59-49EB-4A2B-80CA-0BD651050DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBA9CFF-F981-4603-9899-AF33D9A06E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "F384348F-4D25-4554-96FD-DAD9F114D6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "E64226B8-DC52-495E-BBB7-D87E957959CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8ABCF-ECEE-4D8E-8C21-D3E3FBA3A8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE17003-86D7-4DBF-8505-DA1C0A577379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "008FCD6F-3031-4FB7-AE33-EF570143C52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "458802ED-A3D7-433C-AE78-135384BEC79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "FD69FD0C-DCED-4CF7-8D60-5E74BA019C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "83D1664D-CE27-4AFA-8A91-13F7519ABDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "0E54CBFB-282D-4036-9D6E-C1EC216517E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.31.03:*:*:*:*:*:*:*",
"matchCriteriaId": "35CB85DC-978C-430A-8BD7-4E770E177853",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en bbs/tbphp en Gnuboard v4.33.02 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de PATH_INFO."
}
],
"id": "CVE-2011-4066",
"lastModified": "2024-11-21T01:31:47.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-04T21:55:09.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17992"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/50173"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026197"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/50173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70686"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-12 17:15
Modified
2024-09-18 18:51
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/AkiaCode/7c878b1699931314246d6589d86b1e89 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56DFB50B-F209-4234-AEE3-AFFB300F1136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration."
},
{
"lang": "es",
"value": "Gnuboard g6 6.0.7 es vulnerable al secuestro de sesi\u00f3n debido a una mala configuraci\u00f3n de CORS."
}
],
"id": "CVE-2024-41475",
"lastModified": "2024-09-18T18:51:25.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-08-12T17:15:17.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/AkiaCode/7c878b1699931314246d6589d86b1e89"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 21:29
Modified
2024-11-21 03:51
Severity ?
Summary
Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CCF19-0D80-4A90-95CC-293B3AB938DB",
"versionEndExcluding": "5.3.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en point_list.php en GNUBOARD5 en versiones anteriores a la 5.3.1.6 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \u2018\u2019popup title\u2019\u2019."
}
],
"id": "CVE-2018-15583",
"lastModified": "2024-11-21T03:51:06.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T21:29:04.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-16 17:15
Modified
2024-11-21 07:02
Severity ?
Summary
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D5F8C5-75C4-4586-AEAB-C1868E9E8463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "47061CBC-7C39-4483-B940-B44516B5FDB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php."
},
{
"lang": "es",
"value": "Gnuboard versiones 5.55 y 5.56, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del archivo bbs/member_confirm.php"
}
],
"id": "CVE-2022-30050",
"lastModified": "2024-11-21T07:02:07.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T17:15:09.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-20 20:15
Modified
2024-11-21 07:27
Severity ?
Summary
Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE04DB8C-E78D-40CD-895D-6FB01A9D974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D5F8C5-75C4-4586-AEAB-C1868E9E8463",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim\u0027s original password."
}
],
"id": "CVE-2022-44216",
"lastModified": "2024-11-21T07:27:45.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-20T20:15:10.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sir.kr/g5_pds/6400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sir.kr/g5_pds/6400"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 17:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board title contents\" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 tiene Cross-Site Scripting (XSS) que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"mobile board title contents\", tambi\u00e9n se conoce como el par\u00e1metro adm/board_form_update.php bo_mobile_subject."
}
],
"id": "CVE-2018-18675",
"lastModified": "2024-11-21T03:56:21.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T17:15:11.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 16:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Menu Link\" parameter, aka the adm/menu_list_update.php me_link parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 tiene Cross-Site Scripting (XSS) que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"Menu Link\", tambi\u00e9n se conoce como el par\u00e1metro adm/menu_list_update.php me_link."
}
],
"id": "CVE-2018-18673",
"lastModified": "2024-11-21T03:56:21.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T16:15:11.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-12 22:15
Modified
2024-11-21 07:20
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9 | Patch, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.213540 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.213540 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23E512AB-51F6-49F3-B90B-5361D3B513F5",
"versionEndExcluding": "5.5.8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en gnuboard5. Ha sido clasificada como problem\u00e1tico. Una funci\u00f3n desconocida del archivo bbs/faq.php del componente FAQ Key ID Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fm_id conduce a Cross-Site Scripting (XSS). Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 5.5.8.2.1 puede solucionar este problema. El nombre del parche es ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-213540."
}
],
"id": "CVE-2022-3963",
"lastModified": "2024-11-21T07:20:37.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-12T22:15:09.373",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.213540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.213540"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-707"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-06 21:55
Modified
2024-11-21 01:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C89C65-B5A0-4714-A7FD-C14BDBA4B42D",
"versionEndIncluding": "4.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter."
},
{
"lang": "es",
"value": "nerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n file_download en GNUBoard anterior a v4.34.21, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de nombre de archivo"
}
],
"id": "CVE-2012-4873",
"lastModified": "2024-11-21T01:43:39.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-06T21:55:02.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48458"
},
{
"source": "cve@mitre.org",
"url": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds\u0026wr_id=7156"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/18627"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds\u0026wr_id=7156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52622"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=110477648219738&w=2 | Exploit, Mailing List | |
| cve@mitre.org | http://secunia.com/advisories/13711 | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/bid/12149 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18729 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110477648219738&w=2 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13711 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12149 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18729 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF591A1-0AFC-4182-9AC2-31933C6C9B33",
"versionEndIncluding": "3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters."
}
],
"id": "CVE-2005-0269",
"lastModified": "2024-11-20T23:54:46.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110477648219738\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/13711"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12149"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110477648219738\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/13711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-178"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-19 14:17
Modified
2024-11-21 02:06
Severity ?
Summary
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "347BBF76-4BF1-46CB-8B85-3DDFDDFFE705",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.31.3:*:*:*:*:*:*:*",
"matchCriteriaId": "201A06C9-836B-4FD9-8DA1-8EF5E26258EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.31.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DD619E7E-AED3-4EAF-BBA2-F835E0D062E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.33.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C32EA13-F4FF-4F8B-AC71-435BDF206369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.34.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7BB4FD-9E17-451C-87D5-DC0E211E11B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sir:gnuboard:4.34.21:*:*:*:*:*:*:*",
"matchCriteriaId": "22C2BE6D-935E-4AEC-AF44-705F92EE42FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en bbs/ajax.autosave.php en GNUboard 5.x y posiblemente anteriores permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) subject o (2) content."
}
],
"id": "CVE-2014-2339",
"lastModified": "2024-11-21T02:06:06.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-19T14:17:45.150",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/299"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66228"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 11:15
Modified
2024-11-21 06:40
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://0g.vc/posts/insecure-cipher-gnuboard5/ | Exploit, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0g.vc/posts/insecure-cipher-gnuboard5/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DCFF7E-1481-4DF1-B851-5B284DA4CC71",
"versionEndIncluding": "5.5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n personal privada a un actor no autorizado en el repositorio de GitHub gnuboard/gnuboard5 anterior a la versi\u00f3n 5.5.5 inclusive. Una vulnerabilidad en gnuboard v5.5.5 e inferior utiliza algoritmos de cifrado d\u00e9biles que conducen a la exposici\u00f3n de informaci\u00f3n sensible. Esto permite a un atacante obtener la direcci\u00f3n de correo electr\u00f3nico de cualquier usuario, incluso cuando la casilla \"Permitir que otros vean mi informaci\u00f3n\" est\u00e1 marcada. O enviar correos electr\u00f3nicos a cualquier direcci\u00f3n de correo electr\u00f3nico, con pleno control de su contenido"
}
],
"id": "CVE-2022-1252",
"lastModified": "2024-11-21T06:40:20.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T11:15:07.943",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 17:15
Modified
2024-11-21 03:56
Severity ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:5.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "783AAE2C-5C29-4834-9AA5-BFFFF83A3B00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board tail contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter."
},
{
"lang": "es",
"value": "GNUBOARD5 versi\u00f3n 5.3.1.9 tiene Cross-Site Scripting (XSS) que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"mobile board tail contents\", tambi\u00e9n se conoce como el par\u00e1metro adm/board_form_update.php bo_mobile_content_tail."
}
],
"id": "CVE-2018-18676",
"lastModified": "2024-11-21T03:56:22.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T17:15:11.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CCF19-0D80-4A90-95CC-293B3AB938DB",
"versionEndExcluding": "5.3.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en adm/contentformupdate.php en gnuboard5, versiones anteriores a la 5.3.1.6, permite que los atacantes remotos inyecten scripts web o HTLM arbitrarios."
}
],
"id": "CVE-2018-15580",
"lastModified": "2024-11-21T03:51:06.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-26T20:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-24 16:15
Modified
2024-11-21 05:08
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp | Exploit, Technical Description | |
| cve@mitre.org | https://github.com/gnuboard/gnuboard5/issues/43 | Technical Description | |
| cve@mitre.org | https://www.seebug.org/vuldb/ssvid-97926 | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp | Exploit, Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gnuboard/gnuboard5/issues/43 | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seebug.org/vuldb/ssvid-97926 | Technical Description |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48830A72-A234-440B-832F-81BFBBD9ABC3",
"versionEndIncluding": "5.3.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in gnuboard5 \u003c=v5.3.2.8 via the act parameter in bbs/move_update.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en gnuboard5 versiones anteriores a v5.3.2.8 incluy\u00e9ndola, por medio del par\u00e1metro act en el archivo bbs/move_update.php"
}
],
"id": "CVE-2020-18663",
"lastModified": "2024-11-21T05:08:41.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-24T16:15:08.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://www.seebug.org/vuldb/ssvid-97926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://www.seebug.org/vuldb/ssvid-97926"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-18676
Vulnerability from cvelistv5
Published
2019-07-23 16:19
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board tail contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T16:19:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board tail contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18676",
"datePublished": "2019-07-23T16:19:38",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15583
Vulnerability from cvelistv5
Published
2019-03-25 20:19
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:53.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T20:19:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15583",
"datePublished": "2019-03-25T20:19:33",
"dateReserved": "2018-08-20T00:00:00",
"dateUpdated": "2024-08-05T10:01:53.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-44216
Vulnerability from cvelistv5
Published
2023-02-20 00:00
Modified
2024-08-03 13:47
Severity ?
EPSS score ?
Summary
Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sir.kr/g5_pds/6400"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim\u0027s original password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sir.kr/g5_pds/6400"
},
{
"url": "https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2"
},
{
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44216",
"datePublished": "2023-02-20T00:00:00",
"dateReserved": "2022-10-30T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18672
Vulnerability from cvelistv5
Published
2019-07-23 16:11
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board head contents\" parameter, aka the adm/board_form_update.php bo_content_head parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T16:11:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board head contents\" parameter, aka the adm/board_form_update.php bo_content_head parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18672",
"datePublished": "2019-07-23T16:11:20",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15581
Vulnerability from cvelistv5
Published
2019-04-26 19:01
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:53.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T19:01:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15581",
"datePublished": "2019-04-26T19:01:03",
"dateReserved": "2018-08-20T00:00:00",
"dateUpdated": "2024-08-05T10:01:53.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18673
Vulnerability from cvelistv5
Published
2019-07-23 15:48
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Menu Link\" parameter, aka the adm/menu_list_update.php me_link parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T15:48:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Menu Link\" parameter, aka the adm/menu_list_update.php me_link parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-bf0e19438d64230c1541bcbf9746e6e5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18673",
"datePublished": "2019-07-23T15:48:11",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15585
Vulnerability from cvelistv5
Published
2019-03-27 19:01
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:53.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-27T19:01:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php"
},
{
"name": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15585",
"datePublished": "2019-03-27T19:01:33",
"dateReserved": "2018-08-20T00:00:00",
"dateUpdated": "2024-08-05T10:01:53.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4873
Vulnerability from cvelistv5
Published
2012-09-06 21:00
Modified
2024-09-17 01:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/18627 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/48458 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/52622 | vdb-entry, x_refsource_BID | |
| http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18627",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18627"
},
{
"name": "48458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48458"
},
{
"name": "52622",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds\u0026wr_id=7156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-06T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18627",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18627"
},
{
"name": "48458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48458"
},
{
"name": "52622",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds\u0026wr_id=7156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18627",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18627"
},
{
"name": "48458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48458"
},
{
"name": "52622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52622"
},
{
"name": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds\u0026wr_id=7156",
"refsource": "CONFIRM",
"url": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds\u0026wr_id=7156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4873",
"datePublished": "2012-09-06T21:00:00Z",
"dateReserved": "2012-09-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:40:54.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15580
Vulnerability from cvelistv5
Published
2019-04-26 19:10
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:53.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T19:10:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15580",
"datePublished": "2019-04-26T19:10:05",
"dateReserved": "2018-08-20T00:00:00",
"dateUpdated": "2024-08-05T10:01:53.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18670
Vulnerability from cvelistv5
Published
2019-07-23 16:03
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Extra Contents\" parameter, aka the adm/config_form_update.php cf_1~10 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T16:03:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Extra Contents\" parameter, aka the adm/config_form_update.php cf_1~10 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18670",
"datePublished": "2019-07-23T16:03:29",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41475
Vulnerability from cvelistv5
Published
2024-08-12 00:00
Modified
2024-08-13 14:35
Severity ?
EPSS score ?
Summary
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnuboard:gnuboard6:6.0.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gnuboard6",
"vendor": "gnuboard",
"versions": [
{
"status": "affected",
"version": "6.0.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41475",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T14:19:25.923303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:35:05.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:37:37.380120",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/AkiaCode/7c878b1699931314246d6589d86b1e89"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41475",
"datePublished": "2024-08-12T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-08-13T14:35:05.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0290
Vulnerability from cvelistv5
Published
2009-01-27 19:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/7792 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48015 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/33304 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/33564 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7792",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7792"
},
{
"name": "gnuboard-common-file-include(48015)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48015"
},
{
"name": "33304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33304"
},
{
"name": "33564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7792",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7792"
},
{
"name": "gnuboard-common-file-include(48015)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48015"
},
{
"name": "33304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33304"
},
{
"name": "33564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33564"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7792",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7792"
},
{
"name": "gnuboard-common-file-include(48015)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48015"
},
{
"name": "33304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33304"
},
{
"name": "33564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33564"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0290",
"datePublished": "2009-01-27T19:00:00",
"dateReserved": "2009-01-27T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18674
Vulnerability from cvelistv5
Published
2019-11-07 20:46
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board tail contents\" parameter, aka the adm/board_form_update.php bo_content_tail parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T20:46:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board tail contents\" parameter, aka the adm/board_form_update.php bo_content_tail parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18674",
"datePublished": "2019-11-07T20:46:57",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0269
Vulnerability from cvelistv5
Published
2005-02-10 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110477648219738&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/13711 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/12149 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18729 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050103 STG Security Advisory: [SSA-20041224-21] File extensions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110477648219738\u0026w=2"
},
{
"name": "13711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13711"
},
{
"name": "12149",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12149"
},
{
"name": "gnuboard-gbupdate-file-upload(18729)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050103 STG Security Advisory: [SSA-20041224-21] File extensions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110477648219738\u0026w=2"
},
{
"name": "13711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13711"
},
{
"name": "12149",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12149"
},
{
"name": "gnuboard-gbupdate-file-upload(18729)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050103 STG Security Advisory: [SSA-20041224-21] File extensions",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110477648219738\u0026w=2"
},
{
"name": "13711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13711"
},
{
"name": "12149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12149"
},
{
"name": "gnuboard-gbupdate-file-upload(18729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0269",
"datePublished": "2005-02-10T05:00:00",
"dateReserved": "2005-02-10T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-18661
Vulnerability from cvelistv5
Published
2021-06-24 14:54
Modified
2024-08-04 14:00
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gnuboard/gnuboard5/issues/43 | x_refsource_MISC | |
| https://www.seebug.org/vuldb/ssvid-97925 | x_refsource_MISC | |
| https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:49.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seebug.org/vuldb/ssvid-97925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in gnuboard5 \u003c=v5.3.2.8 via the url parameter to bbs/login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T14:54:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seebug.org/vuldb/ssvid-97925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in gnuboard5 \u003c=v5.3.2.8 via the url parameter to bbs/login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/issues/43",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"name": "https://www.seebug.org/vuldb/ssvid-97925",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97925"
},
{
"name": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp",
"refsource": "MISC",
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#limited-reflective-xss-in-bbsloginphp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18661",
"datePublished": "2021-06-24T14:54:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:00:49.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4066
Vulnerability from cvelistv5
Published
2011-11-04 21:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/50173 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70686 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1026197 | vdb-entry, x_refsource_SECTRACK | |
| http://www.exploit-db.com/exploits/17992 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50173"
},
{
"name": "gnuboard-board-sql-injection(70686)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70686"
},
{
"name": "1026197",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026197"
},
{
"name": "17992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50173"
},
{
"name": "gnuboard-board-sql-injection(70686)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70686"
},
{
"name": "1026197",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026197"
},
{
"name": "17992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50173"
},
{
"name": "gnuboard-board-sql-injection(70686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70686"
},
{
"name": "1026197",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026197"
},
{
"name": "17992",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4066",
"datePublished": "2011-11-04T21:00:00",
"dateReserved": "2011-10-15T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18675
Vulnerability from cvelistv5
Published
2019-07-23 16:16
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board title contents\" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T16:16:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board title contents\" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18675",
"datePublished": "2019-07-23T16:16:39",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-18662
Vulnerability from cvelistv5
Published
2021-06-24 15:01
Modified
2024-08-04 14:00
Severity ?
EPSS score ?
Summary
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gnuboard/gnuboard5/issues/43 | x_refsource_MISC | |
| https://www.seebug.org/vuldb/ssvid-97927 | x_refsource_MISC | |
| https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:49.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seebug.org/vuldb/ssvid-97927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in gnuboard5 \u003c=v5.3.2.8 via the table_prefix parameter in install_db.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T15:01:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seebug.org/vuldb/ssvid-97927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection vulnerability in gnuboard5 \u003c=v5.3.2.8 via the table_prefix parameter in install_db.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/issues/43",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"name": "https://www.seebug.org/vuldb/ssvid-97927",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97927"
},
{
"name": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp",
"refsource": "MISC",
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18662",
"datePublished": "2021-06-24T15:01:38",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:00:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1403
Vulnerability from cvelistv5
Published
2005-02-12 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11948 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/13479/ | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18494 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110313585810712&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://sir.co.kr/?doc=bbs/gnuboard.php&bo_table=pds&page=1&wr_id=1871 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:22.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11948"
},
{
"name": "13479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13479/"
},
{
"name": "gnuboard-doc-index-file-include(18494)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18494"
},
{
"name": "20041215 STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110313585810712\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sir.co.kr/?doc=bbs/gnuboard.php\u0026bo_table=pds\u0026page=1\u0026wr_id=1871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11948"
},
{
"name": "13479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13479/"
},
{
"name": "gnuboard-doc-index-file-include(18494)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18494"
},
{
"name": "20041215 STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110313585810712\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sir.co.kr/?doc=bbs/gnuboard.php\u0026bo_table=pds\u0026page=1\u0026wr_id=1871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11948"
},
{
"name": "13479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13479/"
},
{
"name": "gnuboard-doc-index-file-include(18494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18494"
},
{
"name": "20041215 STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110313585810712\u0026w=2"
},
{
"name": "http://sir.co.kr/?doc=bbs/gnuboard.php\u0026bo_table=pds\u0026page=1\u0026wr_id=1871",
"refsource": "MISC",
"url": "http://sir.co.kr/?doc=bbs/gnuboard.php\u0026bo_table=pds\u0026page=1\u0026wr_id=1871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1403",
"datePublished": "2005-02-12T05:00:00",
"dateReserved": "2005-02-12T00:00:00",
"dateUpdated": "2024-08-08T00:53:22.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18671
Vulnerability from cvelistv5
Published
2019-07-23 15:44
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board head contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T15:44:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board head contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18671",
"datePublished": "2019-07-23T15:44:21",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18669
Vulnerability from cvelistv5
Published
2019-07-23 14:47
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T14:47:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18669",
"datePublished": "2019-07-23T14:47:13",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15582
Vulnerability from cvelistv5
Published
2019-04-26 19:13
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:53.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T19:13:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15582",
"datePublished": "2019-04-26T19:13:56",
"dateReserved": "2018-08-20T00:00:00",
"dateUpdated": "2024-08-05T10:01:53.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30050
Vulnerability from cvelistv5
Published
2022-05-16 16:40
Modified
2024-08-03 06:40
Severity ?
EPSS score ?
Summary
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:40:47.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T16:40:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc",
"refsource": "MISC",
"url": "https://gratis-herring-da5.notion.site/Gnuboard-Reflected-XSS-25d593d8a2b84a46a998bfd5816c54fc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30050",
"datePublished": "2022-05-16T16:40:24",
"dateReserved": "2022-05-02T00:00:00",
"dateUpdated": "2024-08-03T06:40:47.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18678
Vulnerability from cvelistv5
Published
2019-10-30 17:58
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board group extra contents\" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T17:58:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board group extra contents\" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
},
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d87f2c71fb4fe131465ba1ff0a5d573d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18678",
"datePublished": "2019-10-30T17:58:11",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-18663
Vulnerability from cvelistv5
Published
2021-06-24 15:03
Modified
2024-08-04 14:00
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gnuboard/gnuboard5/issues/43 | x_refsource_MISC | |
| https://www.seebug.org/vuldb/ssvid-97926 | x_refsource_MISC | |
| https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:49.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seebug.org/vuldb/ssvid-97926"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in gnuboard5 \u003c=v5.3.2.8 via the act parameter in bbs/move_update.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T15:03:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seebug.org/vuldb/ssvid-97926"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in gnuboard5 \u003c=v5.3.2.8 via the act parameter in bbs/move_update.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/issues/43",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/issues/43"
},
{
"name": "https://www.seebug.org/vuldb/ssvid-97926",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97926"
},
{
"name": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp",
"refsource": "MISC",
"url": "https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#reflective-xss-in-bbsmove_updatephp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18663",
"datePublished": "2021-06-24T15:03:57",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:00:49.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3963
Vulnerability from cvelistv5
Published
2022-11-12 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | gnuboard5 |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.213540"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnuboard5",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-12T00:00:00",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9"
},
{
"url": "https://vuldb.com/?id.213540"
}
],
"title": "gnuboard5 FAQ Key ID faq.php cross site scripting",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3963",
"datePublished": "2022-11-12T00:00:00",
"dateReserved": "2022-11-12T00:00:00",
"dateUpdated": "2024-08-03T01:27:54.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15584
Vulnerability from cvelistv5
Published
2019-04-26 19:06
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T19:06:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15584",
"datePublished": "2019-04-26T19:06:56",
"dateReserved": "2018-08-20T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1252
Vulnerability from cvelistv5
Published
2022-04-11 10:15
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb | x_refsource_CONFIRM | |
| https://0g.vc/posts/insecure-cipher-gnuboard5/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gnuboard | gnuboard/gnuboard5 |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "gnuboard/gnuboard5",
"vendor": "gnuboard",
"versions": [
{
"lessThanOrEqual": "5.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\u003c/p\u003e"
}
],
"value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:41:17.963Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
],
"source": {
"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"discovery": "EXTERNAL"
},
"title": "Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1252",
"STATE": "PUBLIC",
"TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in gnuboard/gnuboard5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gnuboard/gnuboard5",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.5.5"
}
]
}
}
]
},
"vendor_name": "gnuboard"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"name": "https://0g.vc/posts/insecure-cipher-gnuboard5/",
"refsource": "MISC",
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
]
},
"source": {
"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1252",
"datePublished": "2022-04-11T10:15:14",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2339
Vulnerability from cvelistv5
Published
2014-03-19 14:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/66228 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/Mar/299 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91814 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66228"
},
{
"name": "20140317 [CVE-2014-2339] GNUboard SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/299"
},
{
"name": "gnuboard-cve20142339-sql-injection(91814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66228"
},
{
"name": "20140317 [CVE-2014-2339] GNUboard SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/299"
},
{
"name": "gnuboard-cve20142339-sql-injection(91814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66228"
},
{
"name": "20140317 [CVE-2014-2339] GNUboard SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/299"
},
{
"name": "gnuboard-cve20142339-sql-injection(91814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2339",
"datePublished": "2014-03-19T14:00:00",
"dateReserved": "2014-03-12T00:00:00",
"dateUpdated": "2024-08-06T10:14:25.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18668
Vulnerability from cvelistv5
Published
2019-08-26 20:04
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172 | x_refsource_MISC | |
| https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496 | x_refsource_MISC | |
| https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"homepage title\" parameter, aka the adm/config_form_update.php cf_title parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T20:04:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"homepage title\" parameter, aka the adm/config_form_update.php cf_title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
},
{
"name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496",
"refsource": "MISC",
"url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496"
},
{
"name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18668",
"datePublished": "2019-08-26T20:04:54",
"dateReserved": "2018-10-26T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}