Woltlab CVE - OpenCVE

Filtered by vendor Woltlab Subscribe

Total 46 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2006-1034	1 Woltlab	1 Burning Board	2025-04-03	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.
CVE-2006-3218	1 Woltlab	1 Burning Board	2025-04-03	7.5 HIGH	N/A
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2005-2673	1 Woltlab	1 Burning Board	2025-04-03	7.5 HIGH	N/A
SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters.
CVE-2006-3219	1 Woltlab	1 Burning Board	2025-04-03	7.5 HIGH	N/A
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
CVE-2006-0927	2 Jgs-xa, Woltlab	2 Jgs-gallery Addon, Burning Board	2025-04-03	2.6 LOW	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.
CVE-2006-2792	1 Woltlab	1 Burning Board	2025-04-03	7.5 HIGH	N/A
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

Vulnerabilities (CVE)