Vulnerabilities > Mybb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2019-3578 | Cross-site Scripting vulnerability in Mybb 1.18.19 MyBB 1.8.19 has XSS in the resetpassword function. | 6.1 |
| 2019-04-11 | CVE-2018-19202 | Cross-site Scripting vulnerability in Mybb A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter. | 6.1 |
| 2019-03-29 | CVE-2018-19201 | Cross-site Scripting vulnerability in Mybb A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | 6.1 |
| 2019-03-21 | CVE-2018-14724 | Cross-site Scripting vulnerability in Mybb BAN List 1.0 In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | 5.4 |
| 2019-03-21 | CVE-2018-14575 | Cross-site Scripting vulnerability in Mybb Trash BIN 1.1.3 Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | 8.8 |
| 2018-09-17 | CVE-2018-17128 | Cross-site Scripting vulnerability in Mybb A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | 5.4 |
| 2018-08-28 | CVE-2018-15596 | Cross-site Scripting vulnerability in Mybb 1.8.17 An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. | 6.1 |
| 2018-07-19 | CVE-2018-14392 | Cross-site Scripting vulnerability in Mybb NEW Threads 1.0/1.1 The New Threads plugin before 1.2 for MyBB has XSS. | 6.1 |
| 2018-06-26 | CVE-2018-1000503 | Improper Privilege Management vulnerability in Mybb MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. | 4.3 |
| 2018-06-26 | CVE-2018-1000502 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mybb MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. | 7.2 |