Vulnerabilities > Mybb

DATE CVE VULNERABILITY TITLE RISK
2018-05-13 CVE-2018-10678 Open Redirect vulnerability in Mybb 1.8.15
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
network
mybb CWE-601
5.8
2018-02-21 CVE-2018-7305 Cross-Site Request Forgery (CSRF) vulnerability in Mybb 1.8.14
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
network
low complexity
mybb CWE-352
4.0
2018-02-08 CVE-2018-6844 Cross-site Scripting vulnerability in Mybb 1.8.14
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
network
mybb CWE-79
3.5
2017-11-10 CVE-2017-16781 Cross-site Scripting vulnerability in Mybb
The installer in MyBB before 1.8.13 has XSS.
network
mybb CWE-79
3.5
2017-11-10 CVE-2017-16780 Cross-Site Request Forgery (CSRF) vulnerability in Mybb
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
network
low complexity
mybb CWE-352
7.5
2017-04-24 CVE-2017-8104 Path Traversal vulnerability in Mybb
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
network
low complexity
mybb CWE-22
5.0
2017-04-24 CVE-2017-8103 Cross-site Scripting vulnerability in Mybb
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
network
mybb CWE-79
4.3
2017-04-06 CVE-2017-7566 Server-Side Request Forgery (SSRF) vulnerability in Mybb
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
network
low complexity
mybb CWE-918
4.0
2017-01-31 CVE-2016-9421 Cross-site Scripting vulnerability in Mybb Merge System and Mybb
Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
mybb CWE-79
4.3
2017-01-31 CVE-2016-9420 Improper Input Validation vulnerability in Mybb Merge System and Mybb
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."
network
low complexity
mybb CWE-20
7.5