Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mybb mybb 1.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-3337
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote malicious users to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
Hide Thread Content Project Hide Thread Content 1.0
5.4
CVSSv3
CVE-2021-33371
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
Student Management System Project Student Management System 1.0
5.4
CVSSv3
CVE-2018-14724
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Mybb Ban List 1.0
5.4
CVSSv3
CVE-2018-11715
The Recent Threads plugin prior to 1.1 for MyBB allows XSS via a thread subject.
Recent Threads Project Recent Threads
1 EDB exploit
4.8
CVSSv3
CVE-2021-39338
The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitr...
Mybb Cross-poster Project Mybb Cross-poster
NA
CVE-2018-147241
MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.
NA
CVE-2013-7288
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) prior to 1.6.12 allows remote malicious users to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
Mybb Mybb 1.6.6
Mybb Mybb 1.6.5
Mybb Mybb 1.6.4
Mybb Mybb 1.6.3
Mybb Mybb 1.6.2
Mybb Mybb 1.4.16
Mybb Mybb 1.4.15
Mybb Mybb 1.4.14
Mybb Mybb 1.4.13
Mybb Mybb 1.2.2
Mybb Mybb 1.2.14
Mybb Mybb 1.2.13
Mybb Mybb 1.2.12
Mybb Mybb 1.1.0
Mybb Mybb 1.04
Mybb Mybb 1.03
Mybb Mybb 1.02
Mybb Mybb 1.6.10
Mybb Mybb 1.6.7
Mybb Mybb 1.6.0
Mybb Mybb 1.5.1
Mybb Mybb 1.4.5
NA
CVE-2013-7275
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) prior to 1.6.12 allows remote malicious users to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
Mybb Mybb 1.6.8
Mybb Mybb 1.4.9
Mybb Mybb 1.4.8
Mybb Mybb 1.4.7
Mybb Mybb 1.4.6
Mybb Mybb 1.3
Mybb Mybb 1.2.9
Mybb Mybb 1.2.8
Mybb Mybb 1.2.7
Mybb Mybb 1.2
Mybb Mybb 1.1.8
Mybb Mybb 1.1.7
Mybb Mybb 1.1.6
Mybb Mybb 1.0
Mybb Mybb 1.6.6
Mybb Mybb 1.6.5
Mybb Mybb 1.6.4
Mybb Mybb 1.6.3
Mybb Mybb 1.6.2
Mybb Mybb 1.4.16
Mybb Mybb 1.4.15
Mybb Mybb 1.4.14
NA
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) prior to 1.6.1 allow remote malicious users to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes t...
Mybb Mybb 1.2.10
Mybb Mybb 1.4.11
Mybb Mybb 1.2.8
Mybb Mybb 1.4.3
Mybb Mybb 1.4.12
Mybb Mybb 1.0
Mybb Mybb 1.04
Mybb Mybb 1.1.1
Mybb Mybb 1.4.5
Mybb Mybb 1.1.3
Mybb Mybb 1.2.2
Mybb Mybb 1.4.14
Mybb Mybb 1.2.9
Mybb Mybb 1.4.8
Mybb Mybb 1.4.15
Mybb Mybb 1.2.1
Mybb Mybb 1.01
Mybb Mybb 1.1.6
Mybb Mybb 1.2.6
Mybb Mybb 1.4.0
Mybb Mybb 1.2.0
Mybb Mybb 1.4.1
2 EDB exploits
NA
CVE-2012-2327
MyBB (aka MyBulletinBoard) prior to 1.6.7 allows remote malicious users to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.
Mybb Mybb 1.6.5
Mybb Mybb 1.4.14
Mybb Mybb 1.4.12
Mybb Mybb 1.4.7
Mybb Mybb 1.4.5
Mybb Mybb 1.4.3
Mybb Mybb 1.5.2
Mybb Mybb 1.2.14
Mybb Mybb 1.2.7
Mybb Mybb 1.2.5
Mybb Mybb 1.2.0
Mybb Mybb 1.1.7
Mybb Mybb 1.1.5
Mybb Mybb 1.1.0
Mybb Mybb 1.03
Mybb Mybb 1.0
Mybb Mybb 1.6.3
Mybb Mybb 1.6.2
Mybb Mybb 1.6.1
Mybb Mybb 1.4.16
Mybb Mybb 1.4.2
Mybb Mybb 1.4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »