Vulnerabilities > Xiuno
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-04 | CVE-2020-21493 | Unspecified vulnerability in Xiuno Xiunobbs 4.0.4 An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | 5.0 |
2021-10-04 | CVE-2020-21494 | Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4 A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | 4.3 |
2021-10-04 | CVE-2020-21495 | Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | 4.3 |
2021-10-04 | CVE-2020-21496 | Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. | 4.3 |
2019-12-26 | CVE-2019-19998 | XXE vulnerability in Xiuno Xiunobbs 4.0 Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. | 5.0 |
2018-08-20 | CVE-2018-15559 | Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4 The editor in Xiuno BBS 4.0.4 allows stored XSS. | 4.3 |