Xiuno

Xiunobbs

7 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-19914

Exploit
  • EPSS 0.3%
  • Published 07.09.2022 22:15:08
  • Last modified 21.11.2024 05:09:29

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.

5.3

CVE-2020-21493

Exploit
  • EPSS 0.19%
  • Published 04.10.2021 21:15:12
  • Last modified 21.11.2024 05:12:37

An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.

6.1

CVE-2020-21494

Exploit
  • EPSS 0.31%
  • Published 04.10.2021 21:15:12
  • Last modified 21.11.2024 05:12:37

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.

6.1

CVE-2020-21495

Exploit
  • EPSS 0.22%
  • Published 04.10.2021 21:15:12
  • Last modified 21.11.2024 05:12:37

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.

6.1

CVE-2020-21496

Exploit
  • EPSS 0.22%
  • Published 04.10.2021 21:15:12
  • Last modified 21.11.2024 05:12:37

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.

7.5

CVE-2019-19998

Exploit
  • EPSS 0.36%
  • Published 26.12.2019 04:15:10
  • Last modified 21.11.2024 04:35:48

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.

6.1

CVE-2018-15559

Exploit
  • EPSS 0.3%
  • Published 20.08.2018 00:29:00
  • Last modified 21.11.2024 03:51:03

The editor in Xiuno BBS 4.0.4 allows stored XSS.