Vulnerabilities > Mybb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-13 | CVE-2018-10678 | Open Redirect vulnerability in Mybb 1.8.15 MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. | 5.8 |
| 2018-02-21 | CVE-2018-7305 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb 1.8.14 MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. | 4.0 |
| 2018-02-08 | CVE-2018-6844 | Cross-site Scripting vulnerability in Mybb 1.8.14 MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. | 3.5 |
| 2017-11-10 | CVE-2017-16781 | Cross-site Scripting vulnerability in Mybb The installer in MyBB before 1.8.13 has XSS. | 3.5 |
| 2017-11-10 | CVE-2017-16780 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | 7.5 |
| 2017-04-24 | CVE-2017-8104 | Path Traversal vulnerability in Mybb In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | 5.0 |
| 2017-04-24 | CVE-2017-8103 | Cross-site Scripting vulnerability in Mybb In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | 4.3 |
| 2017-04-06 | CVE-2017-7566 | Server-Side Request Forgery (SSRF) vulnerability in Mybb MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | 4.0 |
| 2017-01-31 | CVE-2016-9421 | Cross-site Scripting vulnerability in Mybb Merge System and Mybb Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2017-01-31 | CVE-2016-9420 | Improper Input Validation vulnerability in Mybb Merge System and Mybb MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives." | 7.5 |