CVE-2025-7786

Summary

A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Gnuboardg66.0.0affected
Gnuboardg66.0.1affected
Gnuboardg66.0.2affected
Gnuboardg66.0.3affected
Gnuboardg66.0.4affected
Gnuboardg66.0.5affected
Gnuboardg66.0.6affected
Gnuboardg66.0.7affected
Gnuboardg66.0.8affected
Gnuboardg66.0.9affected
Gnuboardg66.0.10affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References