A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Thu, 04 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Sir
Sir gnuboard
CPEs cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*
Vendors & Products Sir
Sir gnuboard

Fri, 18 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 18 Jul 2025 13:30:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title Gnuboard g6 Post Reply qa cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-07-18T13:39:57.109Z

Reserved: 2025-07-18T07:24:31.416Z

Link: CVE-2025-7786

cve-icon Vulnrichment

Updated: 2025-07-18T13:39:43.758Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-18T14:15:27.270

Modified: 2025-09-04T15:48:26.473

Link: CVE-2025-7786

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.