Vulnerabilities > Mybb > Mybb > 1.8.8

DATE CVE VULNERABILITY TITLE RISK

2020-08-10 CVE-2020-15139 Cross-site Scripting vulnerability in MyBB
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability.
network, mybb, CWE-79
Risk: 4.3

2020-01-02 CVE-2019-20225 Open Redirect vulnerability in MyBB
MyBB before 1.8.22 allows an open redirect on login.
network, mybb, CWE-601
Risk: 5.8

2019-06-15 CVE-2019-12831 Improper Input Validation vulnerability in MyBB
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
network, low complexity, mybb, CWE-20
Risk: 6.5

2019-06-15 CVE-2019-12830 Cross-site Scripting vulnerability in MyBB
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
network, mybb, CWE-79
Risk: 3.5

2019-04-11 CVE-2018-19202 Cross-site Scripting vulnerability in MyBB
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
network, mybb, CWE-79
Risk: 4.3

2019-03-29 CVE-2018-19201 Cross-site Scripting vulnerability in MyBB
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
network, mybb, CWE-79
Risk: 4.3

2018-09-17 CVE-2018-17128 Cross-site Scripting vulnerability in MyBB
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
network, mybb, CWE-79
Risk: 3.5

2018-06-26 CVE-2018-1000503 Improper Privilege Management vulnerability in MyBB
MyBB Group MyBB contains an Incorrect Access Control vulnerability in Private forums that can result in users viewing posts from private forums without having the password.
network, low complexity, mybb, CWE-269
Risk: 4.0

2018-06-26 CVE-2018-1000502 Inclusion of Functionality from Untrusted Control Sphere vulnerability in MyBB
MyBB Group MyBB contains a File Inclusion vulnerability in the Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions.
network, low complexity, mybb, CWE-829
Risk: 6.5

2017-11-10 CVE-2017-16781 Cross-site Scripting vulnerability in MyBB
The installer in MyBB before 1.8.13 has XSS.
network, mybb, CWE-79
Risk: 3.5