CVE-2025-7786
BaseFortify
Publication date: 2025-07-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sir | gnuboard | to 6.0.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7786 is a stored Cross-Site Scripting (XSS) vulnerability in Gnuboard g6 versions up to 6.0.10. It occurs because user inputs, specifically from registered users who bookmark and reply to posts, are not properly sanitized or encoded before being displayed. This allows attackers to inject malicious JavaScript code into posts, which executes in the browsers of users viewing those posts. The vulnerability resides in the Post Reply Handler component, particularly in the file path /bbs/scrap_popin_update/qa/. The attack requires some user interaction and can be initiated remotely. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or upgrading the affected Gnuboard g6 software to a version that addresses this vulnerability, if available. Since no known mitigations or countermeasures have been identified, it is recommended to consider disabling or restricting access to the vulnerable endpoint `/bbs/scrap_popin_update/qa/` to prevent exploitation. Additionally, applying input sanitization and output encoding on user inputs in the reply content can help prevent XSS attacks. Limiting user privileges and monitoring for suspicious activity are also advisable. If an update or patch is not yet available, consider temporarily disabling the affected functionality or restricting user actions that involve posting or replying until a fix is applied. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in the browsers of users who view the affected posts. This can lead to malicious activities such as stealing user cookies, conducting phishing attacks, and compromising user data integrity. Since the malicious script runs in the context of the affected website, it can impersonate users or hijack their sessions, potentially leading to unauthorized access or data theft. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the affected Gnuboard g6 versions (up to 6.0.10) are in use and checking for unsanitized user input in the endpoint `/bbs/scrap_popin_update/qa/`. You can monitor HTTP requests and responses for suspicious JavaScript payloads in posts, especially in the reply content. Commands to detect potential exploitation could include using web application scanners or manual inspection with curl or wget to fetch pages and grep for suspicious script tags or payloads. For example, you might use: `curl -s http://your-gnuboard-site/bbs/scrap_popin_update/qa/{post_id} | grep -i '<script>'` or similar commands to look for injected scripts. Additionally, monitoring logs for unusual POST requests to `/bbs/scrap_popin_update/qa/` with suspicious payloads can help detect attempts. However, no specific detection commands or tools are provided in the resources. [1, 3]