CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2014-5248
https://notcve.org/view.php?id=CVE-2014-5248
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. Vulnerabilidad de XSS en MyBB anterior a 1.6.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a traves de vectores relacionados con video MyCode. • http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release http://secunia.com/advisories/59707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 2CVE-2014-1840 – MyBB 1.6.12 POST Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-1840
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message. Vulnerabilidad de XSS en Upload/search.php en MyBB 1.6.12 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro keywords en una acción do_search, que no es manejado debidamente en un mensaje de error forzado de SQL. • http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0CVE-2013-7288
https://notcve.org/view.php?id=CVE-2013-7288
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Vulnerabilidad cross-site scripting (XSS) en la función mycode_parse_video de inc/class_parser.php de MyBB (MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores relacionados con URLs de video Yahoo. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/show/osvdb/101544 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 1CVE-2013-7275
https://notcve.org/view.php?id=CVE-2013-7275
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Vulnerabilidad cross-site scripting (XSS) en misc.php de MyBB (tambien conocido como MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del parámetro editor en un listado de smileis. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/101545 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 50EXPL: 0CVE-2011-5131
https://notcve.org/view.php?id=CVE-2011-5131
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. Vulnerabilidad de solicitudes falsificadas en sitios cruzados (CSRF) en global.php en MyBB anterior a v1.6.5 permite a atacantes remotos secuestrar la autenticación de un usuario para solicitar un cambio de lenguaje del usuario a través del parámetro de lenguaje. • http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release http://dev.mybb.com/issues/1729 http://secunia.com/advisories/46951 http://www.osvdb.org/77327 http://www.securityfocus.com/bid/50816 https://exchange.xforce.ibmcloud.com/vulnerabilities/71462 • CWE-352: Cross-Site Request Forgery (CSRF) •