gnuboard

Source - CNA, NVD, ADP
BOS Name - N/A
CNA CVEs - 3
ADP CVEs - 3
CISA CVEs - 0
NVD CVEs - 1
6 vulnerabilities found

CVE-2024-39097
Assigner-MITRE Corporation
CVSS Score-6.1 (MEDIUM)
EPSS-0.09% / 27.16%
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in the login path.

Action-Not Available
Vendor-n/a, gnuboard
Product-n/a, gnuboard6
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-41475
Assigner-MITRE Corporation
CVSS Score-9.8 (CRITICAL)
EPSS-0.07% / 22.17%
7 Day CHG~0.00%
Published-12 Aug, 2024 | 00:00
Updated-18 Sep, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gnuboard g6 6.0.7 is vulnerable to session hijacking due to a CORS misconfiguration.

Action-Not Available
Vendor-sir, n/a, gnuboard
Product-gnuboard, n/a, gnuboard6
CWE ID-CWE-346
Origin Validation Error
CVE-2024-24156
Assigner-MITRE Corporation
CVSS Score-6.1 (MEDIUM)
EPSS-0.14% / 35.50%
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:00
Updated-19 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before GitHub commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5 allows remote attackers to execute arbitrary code via the wr_content parameter.

Action-Not Available
Vendor-n/a, gnuboard
Product-n/a, gnuboard6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4293
Assigner-VulDB
CVSS Score-3.5 (LOW)
EPSS-0.07% / 22.88%
7 Day CHG~0.00%
Published-28 Dec, 2022 | 08:53
Updated-03 Aug, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gnuboard youngcart5 menu_list_update.php cross site scripting

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menu_list_update.php. The manipulation of the argument me_link leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.4.5.2 is able to address this issue. The name of the patch is 70daa537adfa47b87af12d85f1e698fff01785ff. It is recommended to upgrade the affected component. VDB-216954 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-sir, gnuboard
Product-youngcart5, youngcart5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1252
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.2 (HIGH)
EPSS-0.26% / 48.89%
7 Day CHG~0.00%
Published-11 Apr, 2022 | 10:15
Updated-19 Sep, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5

Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms, leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off, or to send emails to any email address with full control of their contents.

Action-Not Available
Vendor-sir, gnuboard
Product-gnuboard, gnuboard/gnuboard5
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-3831
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1 (HIGH)
EPSS-2.08% / 83.26%
7 Day CHG~0.00%
Published-14 Dec, 2021 | 10:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5

gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action-Not Available
Vendor-gnuboard, gnuboard
Product-gnuboard5, gnuboard/gnuboard5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')