Vulnerabilities > Xiuno

DATE CVE VULNERABILITY TITLE RISK
2022-09-07 CVE-2020-19914 Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.
network
low complexity
xiuno CWE-79
6.1
6.1
2021-10-04 CVE-2020-21493 Unspecified vulnerability in Xiuno Xiunobbs 4.0.4
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.
network
low complexity
xiuno
5.3
5.3
2021-10-04 CVE-2020-21494 Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
network
low complexity
xiuno CWE-79
6.1
6.1
2021-10-04 CVE-2020-21495 Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.
network
low complexity
xiuno CWE-79
6.1
6.1
2021-10-04 CVE-2020-21496 Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.
network
low complexity
xiuno CWE-79
6.1
6.1
2019-12-26 CVE-2019-19998 XXE vulnerability in Xiuno Xiunobbs 4.0
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.
network
low complexity
xiuno CWE-611
7.5
7.5
2018-08-20 CVE-2018-15559 Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4
The editor in Xiuno BBS 4.0.4 allows stored XSS.
network
low complexity
xiuno CWE-79
6.1
6.1