Vulnerabilities > SIR > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-28 | CVE-2021-4293 | Cross-site Scripting vulnerability in SIR Youngcart5 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. | 6.1 |
2022-05-16 | CVE-2022-30050 | Cross-site Scripting vulnerability in SIR Gnuboard 5.55/5.56 Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. | 4.3 |
2019-08-22 | CVE-2017-18572 | Cross-site Scripting vulnerability in SIR Gnucommerce The gnucommerce plugin before 1.4.2 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2016-10920 | Cross-site Scripting vulnerability in SIR Gnucommerce The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | 4.3 |
2014-03-19 | CVE-2014-2339 | SQL Injection vulnerability in SIR Gnuboard Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. | 6.5 |
2012-09-06 | CVE-2012-4873 | Cross-Site Scripting vulnerability in SIR Gnuboard 4.31.3/4.31.4/4.33.2 Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | 4.3 |
2009-01-27 | CVE-2009-0290 | Path Traversal vulnerability in SIR Gnuboard 4.31.03 Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |