Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mybb mybb vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-27279
MyBB prior to 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
Mybb Mybb
6.1
CVSSv3
CVE-2021-3350
deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.
Delete Account Project Delete Account 1.4
7.5
CVSSv3
CVE-2021-3337
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote malicious users to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
Hide Thread Content Project Hide Thread Content 1.0
6.1
CVSSv3
CVE-2020-15139
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g....
Mybb Mybb
5.4
CVSSv3
CVE-2014-3826
Cross-site scripting (XSS) vulnerability in MyBB prior to 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.
Mybb Mybb
5.4
CVSSv3
CVE-2014-3827
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) prior to 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser acti...
Mybb Mybb
6.1
CVSSv3
CVE-2019-20225
MyBB prior to 1.8.22 allows an open redirect on login.
Mybb Mybb
8.8
CVSSv3
CVE-2019-12363
An CSRF issue exists in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate opera...
Mybb-2fa Project Mybb-2fa
7.2
CVSSv3
CVE-2019-12831
In MyBB prior to 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by t...
Mybb Mybb
8.7
CVSSv3
CVE-2019-12830
In MyBB prior to 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
Mybb Mybb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »