Gnuboard5
by gnuboard
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3831 | 0.02 | — | 0.27 | Dec 14, 2021 | gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2022-1252 | 0.00 | — | 0.00 | Apr 11, 2022 | Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents | |||
| CVE-2018-15582 | 0.00 | — | 0.00 | Apr 26, 2019 | Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2018-15580 | 0.00 | — | 0.00 | Apr 26, 2019 | Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2018-15584 | 0.00 | — | 0.00 | Apr 26, 2019 | Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2018-15581 | 0.00 | — | 0.00 | Apr 26, 2019 | Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2018-15585 | 0.00 | — | 0.00 | Mar 27, 2019 | Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | |||
| CVE-2018-15583 | 0.00 | — | 0.00 | Mar 25, 2019 | Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. |
- CVE-2021-3831Dec 14, 2021risk 0.02cvss —epss 0.27
gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2022-1252Apr 11, 2022risk 0.00cvss —epss 0.00
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
- CVE-2018-15582Apr 26, 2019risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
- CVE-2018-15580Apr 26, 2019risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
- CVE-2018-15584Apr 26, 2019risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
- CVE-2018-15581Apr 26, 2019risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
- CVE-2018-15585Mar 27, 2019risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
- CVE-2018-15583Mar 25, 2019risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.