Vulnerabilities > Mybb > Mybb > 1.8.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-09 | CVE-2022-24734 | Code Injection vulnerability in Mybb MyBB is a free and open source forum software. | 7.2 |
| 2021-11-04 | CVE-2021-43281 | Code Injection vulnerability in Mybb MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. | 6.5 |
| 2021-10-26 | CVE-2021-41866 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. | 3.5 |
| 2021-03-15 | CVE-2021-27949 | Cross-site Scripting vulnerability in Mybb Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. | 4.3 |
| 2021-03-15 | CVE-2021-27948 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. | 6.5 |
| 2021-03-15 | CVE-2021-27947 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. | 6.5 |
| 2021-03-15 | CVE-2021-27946 | SQL Injection vulnerability in Mybb SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. | 6.5 |
| 2021-03-15 | CVE-2021-27890 | SQL Injection vulnerability in Mybb SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | 6.8 |
| 2021-03-15 | CVE-2021-27889 | Cross-site Scripting vulnerability in Mybb Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. | 4.3 |
| 2021-02-22 | CVE-2021-27279 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | 3.5 |