Xiunobbs
Monthly
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The editor in Xiuno BBS 4.0.4 allows stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The editor in Xiuno BBS 4.0.4 allows stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.