Page 18 of 128 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Vulnerabilidad cross-site scripting (XSS) en la función mycode_parse_video de inc/class_parser.php de MyBB (MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores relacionados con URLs de video Yahoo. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/show/osvdb/101544 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 1

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Vulnerabilidad cross-site scripting (XSS) en misc.php de MyBB (tambien conocido como MyBulletinBoard) anteriores a 1.6.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del parámetro editor en un listado de smileis. • http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://osvdb.org/101545 http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. Una vulnerabilidad de inyección SQL en admin/modules/user/users.php en MyBB (alias MyBulletinBoard) v1.6.6 permite a atacantes remotos ejecutar comandos SQL a través del parámetro conditions[usergroup][] en una acción de búsqueda a admin/index.php. • https://www.exploit-db.com/exploits/37018 http://osvdb.org/80634 http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html http://www.securityfocus.com/bid/52743 https://exchange.xforce.ibmcloud.com/vulnerabilities/74396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/modules/user/users.php en MyBB (alias MyBulletinBoard) v1.6.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro conditions[usergroup][] en una acción de búsqueda a admin/index.php. • https://www.exploit-db.com/exploits/37019 http://osvdb.org/80633 http://packetstormsecurity.org/files/111238/MyBB-1.6.6-Cross-Site-Scripting-SQL-Injection.html http://www.securityfocus.com/bid/52743 https://exchange.xforce.ibmcloud.com/vulnerabilities/74397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0

Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." Vulnerabilidad no especificada en MyBB anterior a v1.6.5 tiene un impacto desconocido y vectores de ataque también desconocidos, relacionados con un "avatar de usuario no parseado en una lista (buddy)". • http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release http://secunia.com/advisories/46951 http://www.osvdb.org/77325 http://www.securityfocus.com/bid/50816 •