MyBB 1.8.18 vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-08-10 | CVE-2020-15139 | Cross-site Scripting vulnerability in Mybb | In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. | network | mybb | CWE-79 | 4.3 |
| 2020-01-02 | CVE-2019-20225 | Open Redirect vulnerability in Mybb | MyBB before 1.8.22 allows an open redirect on login. | network | mybb | CWE-601 | 5.8 |
| 2019-06-15 | CVE-2019-12831 | Improper Input Validation vulnerability in Mybb | In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. | network, low complexity | mybb | CWE-20 | 6.5 |
| 2019-06-15 | CVE-2019-12830 | Cross-site Scripting vulnerability in Mybb | In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | network | mybb | CWE-79 | 3.5 |
| 2019-04-11 | CVE-2018-19202 | Cross-site Scripting vulnerability in Mybb | A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter. | network | mybb | CWE-79 | 4.3 |
| 2019-03-29 | CVE-2018-19201 | Cross-site Scripting vulnerability in Mybb | A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | network | mybb | CWE-79 | 4.3 |
| 2018-09-17 | CVE-2018-17128 | Cross-site Scripting vulnerability in Mybb | A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | network | mybb | CWE-79 | 3.5 |