Vulnerabilities > SIR > Gnuboard > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-16 | CVE-2022-30050 | Cross-site Scripting vulnerability in SIR Gnuboard 5.55/5.56 Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. | 4.3 |
2014-03-19 | CVE-2014-2339 | SQL Injection vulnerability in SIR Gnuboard Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. | 6.5 |
2012-09-06 | CVE-2012-4873 | Cross-Site Scripting vulnerability in SIR Gnuboard 4.31.3/4.31.4/4.33.2 Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | 4.3 |
2009-01-27 | CVE-2009-0290 | Path Traversal vulnerability in SIR Gnuboard 4.31.03 Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |