Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2019-9650

Published: 11/03/2019 Updated: 26/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An XSS issue exists in upcoming_events.php in the Upcoming Events plugin prior to 1.33 for MyBB via a crafted name for an event.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

upcoming events project upcoming events

Exploits

Exploit DB: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
# Exploit Title: MyBB Upcoming Events Plugin 132 - Cross-Site Scripting # Date: 3/8/2019 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pmme # Software Link: communitymybbcom/modsphp?action=view&pid=1231 # Version: 132 # Tested on: Ubuntu 1804 # CVE: CVE-2019-9650 1 Description: This plugin shows upcoming calendar event ...

References

CWE-79https://github.com/vintagedaddyo/MyBB_Plugin-Upcoming_Events/pull/1/commits/d0a0e1c6e56f248613e0150344ebea8764bba5fahttps://community.mybb.com/mods.php?action=changelog&pid=1231https://www.exploit-db.com/exploits/46558/http://packetstormsecurity.com/files/152152/MyBB-Upcoming-Events-1.32-Cross-Site-Scripting.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/46558
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-33545CVE-2024-35725CVE-2024-32704overflowfile uploadCVE-2024-0230CVE-2024-32705CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook