Vulnerabilities > Mybb > Mybb > 1.8.22
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-04 | CVE-2021-43281 | Code Injection vulnerability in Mybb MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. | 6.5 |
2021-10-26 | CVE-2021-41866 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. | 3.5 |
2021-03-15 | CVE-2021-27949 | Cross-site Scripting vulnerability in Mybb Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. | 4.3 |
2021-03-15 | CVE-2021-27948 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. | 6.5 |
2021-03-15 | CVE-2021-27947 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. | 6.5 |
2021-03-15 | CVE-2021-27946 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. | 6.5 |
2021-03-15 | CVE-2021-27890 | SQL Injection vulnerability in Mybb SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | 6.8 |
2021-03-15 | CVE-2021-27889 | Cross-site Scripting vulnerability in Mybb Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. | 4.3 |
2021-02-22 | CVE-2021-27279 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | 3.5 |
2020-08-10 | CVE-2020-15139 | Cross-site Scripting vulnerability in Mybb In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. | 4.3 |