Vulnerabilities > SIR

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-41475 Origin Validation Error vulnerability in SIR Gnuboard 6.0.7
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
network
low complexity
sir CWE-346
8.8
2023-02-20 CVE-2022-44216 Missing Authentication for Critical Function vulnerability in SIR Gnuboard 5.5.4/5.5.5
Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions.
network
low complexity
sir CWE-306
7.5
2022-12-28 CVE-2021-4293 Cross-site Scripting vulnerability in SIR Youngcart5
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1.
network
low complexity
sir CWE-79
6.1
2022-11-12 CVE-2022-3963 Cross-site Scripting vulnerability in SIR Gnuboard
A vulnerability was found in gnuboard5.
network
low complexity
sir CWE-79
5.4
2022-05-16 CVE-2022-30050 Cross-site Scripting vulnerability in SIR Gnuboard 5.5.5/5.5.6
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
network
low complexity
sir CWE-79
6.1
2022-04-11 CVE-2022-1252 Use of a Broken or Risky Cryptographic Algorithm vulnerability in SIR Gnuboard
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5.
network
low complexity
sir CWE-327
critical
9.1
2021-06-24 CVE-2020-18662 SQL Injection vulnerability in SIR Gnuboard
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
network
low complexity
sir CWE-89
critical
9.8
2021-06-24 CVE-2020-18663 Cross-site Scripting vulnerability in SIR Gnuboard
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
network
low complexity
sir CWE-79
6.1
2021-06-24 CVE-2020-18661 Cross-site Scripting vulnerability in SIR Gnuboard
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
network
low complexity
sir CWE-79
6.1
2019-11-07 CVE-2018-18674 Cross-site Scripting vulnerability in SIR Gnuboard 5.3.1.9
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
network
low complexity
sir CWE-79
6.1