CVE-2005-0269 — CVSS 9.8 (critical): The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote…
CVE-2022-1252 — CVSS 8.2 (high): Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in…
CVE-2022-44216 — CVSS 7.5 (high): Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's…
CVE-2011-4066 — CVSS 7.5 (high): SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the…
CVE-2004-1403 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by…
CVE-2009-0290 — CVSS 6.8 (medium): Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local…
CVE-2014-2339 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to…
CVE-2025-61464 — CVSS 6.5 (medium): gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVE-2018-18671 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents"…
CVE-2018-18672 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka…
CVE-2018-18673 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the…
CVE-2018-18674 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka…
CVE-2018-18676 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents"…
CVE-2018-18678 — CVSS 6.1 (medium): GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents"…
CVE-2020-18661 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
CVE-2020-18663 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
CVE-2024-24156 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote…
CVE-2024-24157 — CVSS 6.1 (medium): Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS)…
CVE-2024-37656 — CVSS 6.1 (medium): An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL…
CVE-2024-37657 — CVSS 6.1 (medium): An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php…
CVE-2024-37658 — CVSS 6.1 (medium): An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the…
CVE-2024-39097 — CVSS 6.1 (medium): There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.
CVE-2018-18675 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents"…
CVE-2018-15580 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject…
CVE-2018-15581 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject…
CVE-2018-15582 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before…
CVE-2018-15583 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web…
CVE-2018-15584 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6…
CVE-2018-15585 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web…
CVE-2018-18668 — CVSS 6.1 (medium): GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter…
CVE-2018-18669 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka…
CVE-2018-18670 — CVSS 6.1 (medium): GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the…
CVE-2025-60859 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id…
CVE-2012-4873 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject…
CVE-2025-7786 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown…
CVE-2022-3963 — CVSS 3.5 (low): A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of…