{"id":"CVE-2025-60859","details":"Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.","modified":"2026-04-10T05:32:30.546134Z","published":"2025-10-23T19:15:50.867Z","references":[{"type":"FIX","url":"https://github.com/gnuboard/gnuboard5/commit/002e43e5fb84b465357b445772c881e196e100d3"},{"type":"EVIDENCE","url":"https://creeperkirby.notion.site/Gnboard5-5-6-15-reflected-XSS-25c4fe7db8cf80efa20fc2ebefcfe61e?source=copy_link"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnuboard/gnuboard5","events":[{"introduced":"0"},{"last_affected":"5da91ab73e5928acbd79969c4055bfda90448f43"},{"fixed":"002e43e5fb84b465357b445772c881e196e100d3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.6.15"}]}}],"versions":["5.4.6","v5.4.10","v5.4.11","v5.4.12","v5.4.13","v5.4.13.1","v5.4.14","v5.4.15","v5.4.15.1","v5.4.16","v5.4.17","v5.4.18","v5.4.18.1","v5.4.19","v5.4.20","v5.4.21","v5.4.22","v5.4.7","v5.4.8","v5.4.9","v5.5.1","v5.5.1-beta","v5.5.10","v5.5.11","v5.5.12","v5.5.13","v5.5.14","v5.5.2","v5.5.3","v5.5.3.1","v5.5.8","v5.5.8.1","v5.5.8.1.1","v5.5.8.1.2","v5.5.8.2","v5.5.8.2.1","v5.5.8.2.3","v5.5.8.2.5","v5.5.8.2.6","v5.5.8.2.7","v5.5.8.2.8","v5.5.8.2.9","v5.5.8.3","v5.5.8.3.1","v5.5.8.3.2","v5.5.8.3.3","v5.5.8.3.4","v5.5.9","v5.6","v5.6.1","v5.6.10","v5.6.11","v5.6.12","v5.6.13","v5.6.14","v5.6.15","v5.6.2","v5.6.3","v5.6.4","v5.6.5","v5.6.6","v5.6.7","v5.6.8","v5.6.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60859.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}