CVE-2014-5248
https://notcve.org/view.php?id=CVE-2014-5248
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. Vulnerabilidad de XSS en MyBB anterior a 1.6.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a traves de vectores relacionados con video MyCode. • http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release http://secunia.com/advisories/59707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-1840 – MyBB 1.6.12 POST Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-1840
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message. Vulnerabilidad de XSS en Upload/search.php en MyBB 1.6.12 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro keywords en una acción do_search, que no es manejado debidamente en un mensaje de error forzado de SQL. • http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-7288
https://notcve.org/view.php?id=CVE-2013-7288
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Vulnerabilidad cross-site scripting (XSS) en la función mycode_parse_video de inc/class_parser.php de MyBB (MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores relacionados con URLs de video Yahoo. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/show/osvdb/101544 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-7275
https://notcve.org/view.php?id=CVE-2013-7275
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Vulnerabilidad cross-site scripting (XSS) en misc.php de MyBB (tambien conocido como MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del parámetro editor en un listado de smileis. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/101545 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-5133
https://notcve.org/view.php?id=CVE-2011-5133
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." Vulnerabilidad no especificada en MyBB anterior a v1.6.5 tiene un impacto desconocido y vectores de ataque también desconocidos, relacionados con un "avatar de usuario no parseado en una lista (buddy)". • http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release http://secunia.com/advisories/46951 http://www.osvdb.org/77325 http://www.securityfocus.com/bid/50816 •