Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mybb mybb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-4552
Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) prior to 1.8.5 allows remote malicious users to inject arbitrary web script or HTML via the content of a post.
Mybb Mybb
7.2
CVSSv3
CVE-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change S...
Mybb Mybb
1 Metasploit module
2 Github repositories
7.2
CVSSv3
CVE-2023-41362
MyBB prior to 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.
Mybb Mybb
1 Github repository
5.4
CVSSv3
CVE-2014-3826
Cross-site scripting (XSS) vulnerability in MyBB prior to 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.
Mybb Mybb
6.1
CVSSv3
CVE-2018-19201
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB prior to 1.8.20 allows remote malicious users to inject JavaScript via the 'username' parameter.
Mybb Mybb
6.1
CVSSv3
CVE-2018-19202
A reflected XSS vulnerability in index.php in MyBB 1.8.x up to and including 1.8.19 allows remote malicious users to inject JavaScript via the 'upsetting[bburl]' parameter.
Mybb Mybb
NA
CVE-2015-2149
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) prior to 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types modul...
Mybb Mybb
NA
CVE-2008-3069
Multiple cross-site scripting (XSS) vulnerabilities in MyBB prior to 1.2.13 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
Mybb Mybb
NA
CVE-2008-3070
Unspecified vulnerability in inc/datahandler/user.php in MyBB prior to 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
Mybb Mybb
NA
CVE-2008-3071
Directory traversal vulnerability in inc/class_language.php in MyBB prior to 1.2.13 has unknown impact and attack vectors related to the $language variable.
Mybb Mybb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »