Vulnerabilities > Mybb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-29 | CVE-2018-19201 | Cross-site Scripting vulnerability in Mybb A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | 6.1 |
| 2019-03-21 | CVE-2018-14724 | Cross-site Scripting vulnerability in Mybb BAN List 1.0 In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | 5.4 |
| 2018-09-17 | CVE-2018-17128 | Cross-site Scripting vulnerability in Mybb A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | 5.4 |
| 2018-08-28 | CVE-2018-15596 | Cross-site Scripting vulnerability in Mybb 1.8.17 An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. | 6.1 |
| 2018-07-19 | CVE-2018-14392 | Cross-site Scripting vulnerability in Mybb NEW Threads 1.0/1.1 The New Threads plugin before 1.2 for MyBB has XSS. | 6.1 |
| 2018-06-26 | CVE-2018-1000503 | Improper Privilege Management vulnerability in Mybb MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. | 4.3 |
| 2018-05-13 | CVE-2018-10678 | Open Redirect vulnerability in Mybb 1.8.15 MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. | 6.1 |
| 2018-02-21 | CVE-2018-7305 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb 1.8.14 MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. | 4.9 |
| 2018-02-08 | CVE-2018-6844 | Cross-site Scripting vulnerability in Mybb 1.8.14 MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. | 5.4 |
| 2017-11-10 | CVE-2017-16781 | Cross-site Scripting vulnerability in Mybb The installer in MyBB before 1.8.13 has XSS. | 5.4 |