Vulnerabilities > Mybb

DATE CVE VULNERABILITY TITLE RISK
2019-06-06 CVE-2019-3578 Cross-site Scripting vulnerability in Mybb 1.18.19
MyBB 1.8.19 has XSS in the resetpassword function.
network
mybb CWE-79
4.3
2019-04-11 CVE-2018-19202 Cross-site Scripting vulnerability in Mybb
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
network
mybb CWE-79
4.3
2019-03-29 CVE-2018-19201 Cross-site Scripting vulnerability in Mybb
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
network
mybb CWE-79
4.3
2019-03-21 CVE-2018-14724 Cross-site Scripting vulnerability in Mybb BAN List 1.0
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
network
mybb CWE-79
3.5
2019-03-21 CVE-2018-14575 Cross-Site Request Forgery (CSRF) vulnerability in Mybb Trash BIN 1.1.3
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
network
mybb CWE-352
6.8
2018-09-17 CVE-2018-17128 Cross-site Scripting vulnerability in Mybb
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
network
mybb CWE-79
3.5
2018-08-28 CVE-2018-15596 Cross-site Scripting vulnerability in Mybb 1.8.17
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17.
network
mybb CWE-79
4.3
2018-07-19 CVE-2018-14392 Cross-site Scripting vulnerability in Mybb NEW Threads 1.0/1.1
The New Threads plugin before 1.2 for MyBB has XSS.
network
mybb CWE-79
4.3
2018-06-26 CVE-2018-1000503 Improper Privilege Management vulnerability in Mybb
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password.
network
low complexity
mybb CWE-269
4.0
2018-06-26 CVE-2018-1000502 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mybb
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions.
network
low complexity
mybb CWE-829
6.5