Filtered by vendor Sir
Subscribe
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18675 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter. | |||||
| CVE-2018-18674 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. | |||||
| CVE-2018-18673 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter. | |||||
| CVE-2018-18672 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter. | |||||
| CVE-2018-18671 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter. | |||||
| CVE-2018-18670 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter. | |||||
| CVE-2018-18669 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter. | |||||
| CVE-2018-18668 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | |||||
| CVE-2018-15585 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | |||||
| CVE-2018-15584 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-15583 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | |||||
| CVE-2018-15582 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-15581 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-15580 | 1 Sir | 1 Gnuboard | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-18572 | 1 Sir | 1 Gnucommerce | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 1.4.2 for WordPress has XSS. | |||||
| CVE-2016-10920 | 1 Sir | 1 Gnucommerce | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | |||||
| CVE-2014-2339 | 1 Sir | 1 Gnuboard | 2026-06-17 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. | |||||
| CVE-2012-4873 | 1 Sir | 1 Gnuboard | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | |||||
| CVE-2011-4066 | 1 Sir | 1 Gnuboard | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | |||||
| CVE-2009-0290 | 1 Sir | 1 Gnuboard | 2026-06-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname. | |||||