CVE-2019-20225
- EPSS 0.65%
- Veröffentlicht 02.01.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:38:14
MyBB before 1.8.22 allows an open redirect on login.
CVE-2019-12830
- EPSS 0.98%
- Veröffentlicht 15.06.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:23:40
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
CVE-2019-12831
- EPSS 1.5%
- Veröffentlicht 15.06.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:23:40
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML ...
CVE-2019-3578
- EPSS 0.79%
- Veröffentlicht 06.06.2019 19:29:00
- Zuletzt bearbeitet 30.06.2025 16:52:10
MyBB 1.8.19 has XSS in the resetpassword function.
CVE-2019-3579
- EPSS 1.53%
- Veröffentlicht 06.06.2019 19:29:00
- Zuletzt bearbeitet 30.06.2025 16:51:43
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
CVE-2018-19202
- EPSS 0.78%
- Veröffentlicht 11.04.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:32
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
CVE-2018-19201
- EPSS 0.79%
- Veröffentlicht 29.03.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:32
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
CVE-2018-17128
- EPSS 74.75%
- Veröffentlicht 17.09.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:54
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
CVE-2018-15596
- EPSS 2.26%
- Veröffentlicht 28.08.2018 19:29:16
- Zuletzt bearbeitet 21.11.2024 03:51:08
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the gen...
CVE-2018-1000502
- EPSS 1.28%
- Veröffentlicht 26.06.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:03
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. Th...