Gnuboard
Monthly
Cross-site scripting (XSS) vulnerability in Gnuboard g6 up to version 6.0.10 allows authenticated remote attackers to inject arbitrary JavaScript into the Post Reply Handler component at /bbs/scrap_popin_update/qa/ path, requiring user interaction for exploitation. The vulnerability has been publicly disclosed with exploit code available; however, the low EPSS score (0.05%, 15th percentile) and CVSS 2.0 rating suggest limited real-world exploitation probability despite public availability of proof-of-concept.
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.
Cross-site scripting (XSS) vulnerability in Gnuboard g6 up to version 6.0.10 allows authenticated remote attackers to inject arbitrary JavaScript into the Post Reply Handler component at /bbs/scrap_popin_update/qa/ path, requiring user interaction for exploitation. The vulnerability has been publicly disclosed with exploit code available; however, the low EPSS score (0.05%, 15th percentile) and CVSS 2.0 rating suggest limited real-world exploitation probability despite public availability of proof-of-concept.
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.