CVE-2025-7786 MEDIUM

CVE-2025-7786: Gnuboard g6 Post Reply qa cross site scripting

Vendor Gnuboard

Product g6

Weakness CWE-79 · XSS

Published July 18, 2025

Last update July 18, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

July 18, 2025 CVE published

July 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7786 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-7786

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor Gnuboard

Product g6

Affected 6.0.0

Vendor Gnuboard

Product g6

Affected 6.0.1

Vendor Gnuboard

Product g6

Affected 6.0.2

Vendor Gnuboard

Product g6

Affected 6.0.3

Vendor Gnuboard

Product g6

Affected 6.0.4

Vendor Gnuboard

Product g6

Affected 6.0.5

Vendor Gnuboard

Product g6

Affected 6.0.6

Vendor Gnuboard

Product g6

Affected 6.0.7

Vendor Gnuboard

Product g6

Affected 6.0.8

Vendor Gnuboard

Product g6

Affected 6.0.9

Vendor Gnuboard

Product g6

Affected 6.0.10

CVE-2025-7786: Gnuboard g6 Post Reply qa cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE