SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.

Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.