CVE-2025-60859

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-60859
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60859.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-60859
Published
2025-10-23T19:15:50.867Z
Modified
2026-04-10T05:32:30.546134Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php.

References

Affected packages

Git / github.com/gnuboard/gnuboard5

Affected ranges

Type
GIT
Repo
https://github.com/gnuboard/gnuboard5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5da91ab73e5928acbd79969c4055bfda90448f43
Fixed
002e43e5fb84b465357b445772c881e196e100d3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.15"
        }
    ]
}

Affected versions

5.*
5.4.6
v5.*
v5.4.10
v5.4.11
v5.4.12
v5.4.13
v5.4.13.1
v5.4.14
v5.4.15
v5.4.15.1
v5.4.16
v5.4.17
v5.4.18
v5.4.18.1
v5.4.19
v5.4.20
v5.4.21
v5.4.22
v5.4.7
v5.4.8
v5.4.9
v5.5.1
v5.5.1-beta
v5.5.10
v5.5.11
v5.5.12
v5.5.13
v5.5.14
v5.5.2
v5.5.3
v5.5.3.1
v5.5.8
v5.5.8.1
v5.5.8.1.1
v5.5.8.1.2
v5.5.8.2
v5.5.8.2.1
v5.5.8.2.3
v5.5.8.2.5
v5.5.8.2.6
v5.5.8.2.7
v5.5.8.2.8
v5.5.8.2.9
v5.5.8.3
v5.5.8.3.1
v5.5.8.3.2
v5.5.8.3.3
v5.5.8.3.4
v5.5.9
v5.6
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60859.json"