CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2008-3967
https://notcve.org/view.php?id=CVE-2008-3967
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. moderation.php en MyBB (también conocido como MyBulletinBoard) versiones anteriores a 1.4.1 no comprueba adecuadamente los privilegios del moderados, lo cual tiene un impacto y vectores de ataque desconocidos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2008-3334
https://notcve.org/view.php?id=CVE-2008-3334
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en MyBB versiones 1.2.x anteriores a 1.2.14, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, posiblemente involucrando el archivo search.php. • http://community.mybboard.net/thread-33865.html http://secunia.com/advisories/31216 http://www.securityfocus.com/bid/30401 https://exchange.xforce.ibmcloud.com/vulnerabilities/44034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •