Vulnerabilities > Mybb > Mybb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-30 | CVE-2010-4522 | Cross-Site Scripting vulnerability in Mybb 1.4.14/1.6.0 Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php. | 4.3 |
2008-11-04 | CVE-2008-4930 | Improper Input Validation vulnerability in Mybb 1.4.2 MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | 5.0 |
2008-11-04 | CVE-2008-4929 | Use of Insufficiently Random Values vulnerability in Mybb 1.4.2 MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | 7.5 |
2008-11-04 | CVE-2008-4928 | Cross-Site Scripting vulnerability in Mybb 1.4.2 Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. | 4.3 |
2008-09-11 | CVE-2008-3967 | Permissions, Privileges, and Access Controls vulnerability in Mybb moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | 7.5 |
2008-09-11 | CVE-2008-3966 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | 4.3 |
2008-09-11 | CVE-2008-3965 | SQL Injection vulnerability in Mybb SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | 7.5 |
2008-07-27 | CVE-2008-3334 | Cross-Site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | 4.3 |
2008-07-08 | CVE-2008-3071 | Path Traversal vulnerability in Mybb Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | 7.5 |
2008-07-08 | CVE-2008-3070 | SQL-Injection vulnerability in MyBB Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | 7.5 |