CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0544
https://notcve.org/view.php?id=CVE-2007-0544
29 Jan 2007 — Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en private.php de MyBB (también conocido como MyBulletinBoard) permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través del campo Asunto (Subject), un vector distinto de C... • http://osvdb.org/32967 •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 3CVE-2006-2070 – DevBB 1.0 - 'member.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2070
27 Apr 2006 — Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action. • https://www.exploit-db.com/exploits/27742 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-0442 – MyBB 1.0.1/1.0.2 Notepad - 'usercp.php' HTML Injection
https://notcve.org/view.php?id=CVE-2006-0442
26 Jan 2006 — Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219. Múltiples vulnerabilidades de XSS en usercp.php en MyBulletinBoard (MyBB) 1.02 permiten a atacantes remotos inyectar secuencias de co... • https://www.exploit-db.com/exploits/27122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
16 Jan 2006 — Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one ... • http://community.mybboard.net/showthread.php?tid=5852 •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
13 Dec 2005 — Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •