CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0CVE-2013-7288
https://notcve.org/view.php?id=CVE-2013-7288
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Vulnerabilidad cross-site scripting (XSS) en la función mycode_parse_video de inc/class_parser.php de MyBB (MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores relacionados con URLs de video Yahoo. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/show/osvdb/101544 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 1CVE-2013-7275
https://notcve.org/view.php?id=CVE-2013-7275
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Vulnerabilidad cross-site scripting (XSS) en misc.php de MyBB (tambien conocido como MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del parámetro editor en un listado de smileis. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/101545 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-5908 – MyBB 1.6.6 - 'index.php?conditions[usergroup][]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5908
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/modules/user/users.php en MyBB (alias MyBulletinBoard) v1.6.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro conditions[usergroup][] en una acción de búsqueda a admin/index.php. • https://www.exploit-db.com/exploits/37019 http://osvdb.org/80633 http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html http://www.securityfocus.com/bid/52743 https://exchange.xforce.ibmcloud.com/vulnerabilities/74397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2012-5909 – MyBB 1.6.6 - 'index.php?conditions[usergroup][]' SQL Injection
https://notcve.org/view.php?id=CVE-2012-5909
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. Una vulnerabilidad de inyección SQL en admin/modules/user/users.php en MyBB (alias MyBulletinBoard) v1.6.6 permite a atacantes remotos ejecutar comandos SQL a través del parámetro conditions[usergroup][] en una acción de búsqueda a admin/index.php. • https://www.exploit-db.com/exploits/37018 http://osvdb.org/80634 http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html http://www.securityfocus.com/bid/52743 https://exchange.xforce.ibmcloud.com/vulnerabilities/74396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 50EXPL: 0CVE-2011-5131
https://notcve.org/view.php?id=CVE-2011-5131
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. Vulnerabilidad de solicitudes falsificadas en sitios cruzados (CSRF) en global.php en MyBB anterior a v1.6.5 permite a atacantes remotos secuestrar la autenticación de un usuario para solicitar un cambio de lenguaje del usuario a través del parámetro de lenguaje. • http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release http://dev.mybb.com/issues/1729 http://secunia.com/advisories/46951 http://www.osvdb.org/77327 http://www.securityfocus.com/bid/50816 https://exchange.xforce.ibmcloud.com/vulnerabilities/71462 • CWE-352: Cross-Site Request Forgery (CSRF) •