Vulnerabilities > Mybb > Mybb

DATE CVE VULNERABILITY TITLE RISK
2014-03-03 CVE-2014-1840 Cross-Site Scripting vulnerability in Mybb
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
network
mybb CWE-79
4.3
4.3
2014-01-10 CVE-2013-7288 Cross-Site Scripting vulnerability in Mybb
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
network
mybb CWE-79
4.3
4.3
2014-01-08 CVE-2013-7275 Cross-Site Scripting vulnerability in Mybb
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
network
mybb CWE-79
4.3
4.3
2012-11-17 CVE-2012-5909 SQL Injection vulnerability in Mybb 1.6.6
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
network
low complexity
mybb CWE-89
7.5
7.5
2012-11-17 CVE-2012-5908 Cross-Site Scripting vulnerability in Mybb 1.6.6
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
network
mybb CWE-79
4.3
4.3
2012-08-30 CVE-2011-5133 Multiple Security vulnerability in MyBB
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
network
low complexity
mybb
critical
 10.0
10
2012-08-30 CVE-2011-5132 Cross-Site Scripting vulnerability in Mybb
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
network
mybb CWE-79
4.3
4.3
2012-08-30 CVE-2011-5131 Cross-Site Request Forgery (CSRF) vulnerability in Mybb
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
network
mybb CWE-352
6.8
6.8
2012-08-13 CVE-2012-2327 Information Exposure vulnerability in Mybb
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.
network
low complexity
mybb CWE-200
5.0
5.0
2012-08-13 CVE-2012-2326 Cross-Site Scripting vulnerability in Mybb
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
network
mybb CWE-79
4.3
4.3