Cross-Site Scripting (XSS) vulnerability in adm/boardgroupformupdate.php and adm/boardgrouplistupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.