DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-03-03 | CVE-2014-1840 | Cross-Site Scripting vulnerability in MyBB | Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message. | 4.3 |
2014-01-10 | CVE-2013-7288 | Cross-Site Scripting vulnerability in MyBB | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. | 4.3 |
2014-01-08 | CVE-2013-7275 | Cross-Site Scripting vulnerability in MyBB | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. | 4.3 |
2012-11-17 | CVE-2012-5909 | SQL Injection vulnerability in MyBB 1.6.6 | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | 7.5 |
2012-11-17 | CVE-2012-5908 | Cross-Site Scripting vulnerability in MyBB 1.6.6 | Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php. | 4.3 |
2012-08-30 | CVE-2011-5133 | Multiple Security vulnerability in MyBB | Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." | 10.0 |
2012-08-30 | CVE-2011-5132 | Cross-Site Scripting vulnerability in MyBB | Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX." | 4.3 |
2012-08-30 | CVE-2011-5131 | Cross-Site Request Forgery (CSRF) vulnerability in MyBB | Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. | 6.8 |
2012-08-13 | CVE-2012-2327 | Information Exposure vulnerability in MyBB | MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. | 5.0 |
2012-08-13 | CVE-2012-2326 | Cross-Site Scripting vulnerability in MyBB | Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment. | 4.3 |