Latest mybb mybb Vulnerabilities

Visual editor persistent Cross-site Scripting (XSS) in MyBB
Mybb Mybb<1.8.37
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.
Mybb Mybb<1.8.37
Installer RCE on settings file write in MyBB before 1.8.22.
Mybb Mybb<1.8.22
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling inte...
Mybb Mybb<1.8.36
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.
Mybb Mybb<1.8.34
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.
Mybb Mybb<1.8.33
MyBB 1.8.31 has cross-site scripting (XSS) vulnerabilities (issue 2 of 2) in the post Attachments interface that allow attackers to inject HTML by persuading the user to upload a file with specially craf...
Mybb Mybb<1.8.32
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
Mybb Mybb<1.8.32
MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data.
Mybb Mybb<1.8.32
MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's opt...
Mybb Mybb<1.8.31
MyBB Admin Control Panel Code Injection Remote Code Execution Vulnerability
Mybb Mybb>=1.2.0<1.8.30
Mybb Mybb
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion...
Mybb Mybb>=1.2.0<1.8.29
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
Mybb Mybb<1.8.28
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST H...
Mybb Mybb=1.8.20
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP re...
Mybb Mybb=1.8.20
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
Mybb Mybb<1.8.26
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
Mybb Mybb<1.8.26
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
Mybb Mybb<1.8.26
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
Mybb Mybb<1.8.26
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
Mybb Mybb<1.8.26
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
Mybb Mybb<1.8.26
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
Mybb Mybb<1.8.25
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be explo...
Mybb Mybb<1.8.24
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_...
Mybb Mybb<1.6.13
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in th...
Mybb Mybb<1.8.4
MyBB before 1.8.22 allows an open redirect on login.
Mybb Mybb<1.8.22
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cach...
Mybb Mybb<1.8.21
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCo...
Mybb Mybb<1.8.21
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
Mybb Mybb=1.18.19
MyBB 1.8.19 has XSS in the resetpassword function.
Mybb Mybb=1.18.19
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
Mybb Mybb>=1.8.0<1.8.20
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
Mybb Mybb<1.8.20
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
MyBB MyBB<1.8.19
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. T...
Mybb Mybb=1.8.17
MyBB Group MyBB contains an Incorrect Access Control vulnerability in Private forums that can result in users viewing posts from private forums without having the password. This attack appears to be ex...
Mybb Mybb<1.8.15
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
Mybb Mybb=1.8.15
