Vulnerabilities > Mybb > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2021-41866 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. | 3.5 |
| 2021-08-31 | CVE-2020-19049 | Cross-site Scripting vulnerability in Mybb 1.8.20 Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | 3.5 |
| 2021-08-31 | CVE-2020-19048 | Cross-site Scripting vulnerability in Mybb 1.8.20 Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | 3.5 |
| 2021-02-22 | CVE-2021-27279 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | 3.5 |
| 2020-02-11 | CVE-2014-3826 | Cross-site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. | 3.5 |
| 2020-02-11 | CVE-2014-3827 | Cross-site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php. | 3.5 |
| 2019-06-15 | CVE-2019-12830 | Cross-site Scripting vulnerability in Mybb In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | 3.5 |
| 2019-03-21 | CVE-2018-14724 | Cross-site Scripting vulnerability in Mybb BAN List 1.0 In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | 3.5 |
| 2018-09-17 | CVE-2018-17128 | Cross-site Scripting vulnerability in Mybb A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | 3.5 |
| 2018-02-08 | CVE-2018-6844 | Cross-site Scripting vulnerability in Mybb 1.8.14 MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. | 3.5 |