Aggregates CVE and security vulnerability intelligence across all beetl-bbs_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk input validation and related problems; some flaws may lead to vendor impact unexpected behavior.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-22490 | Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. | [email protected] | 6.1 | 0.10% | 2024-01-23 | 2024-11-21 |
| CVE-2024-22491 | A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. | [email protected] | 5.4 | 0.09% | 2024-01-16 | 2025-06-05 |
| CVE-2022-4347 | A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107. | [email protected] | 3.5 | 0.18% | 2022-12-08 | 2024-11-21 |