Page 4 of 128 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin MyBB Cross-Poster de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado debido a una comprobación insuficiente y saneamiento de entradas por medio de diversos parámetros encontrados en el archivo ~/classes/MyBBXPSettings.php que permitían a atacantes con acceso de usuario administrativo inyectar scripts web arbitrarios, en versiones hasta la 1.0 incluyéndola. Esto afecta a las instalaciones multi-sitio en las que unfiltered_html está deshabilitado para los administradores, y a los sitios en los que unfiltered_html está deshabilitado The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators and sites where unfiltered_html is disabled. • https://github.com/BigTiger2020/word-press/blob/main/MyBB%20Cross-Poster.md https://plugins.trac.wordpress.org/browser/mybb-cross-poster/trunk/classes/MyBBXPSettings.php https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo "Description" que se encuentra en la página "Add New Forum" haciendo una petición HTTP POST autenticada a "/Upload/admin/index.php?module=forum-management&action=add" • https://github.com/joelister/bug/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo "Title" que se encuentra en la página "Add New Forum" haciendo una petición HTTP POST autenticada a "/Upload/admin/index.php?module=forum-management&action=add" • https://github.com/joelister/bug/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. Una vulnerabilidad de tipo Cross-site Scripting en MyBB versiones anteriores a 1.8.26, por medio de las herramientas de moderación Custom • https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). Una vulnerabilidad de inyección SQL en MyBB versiones anteriores a 1.8.26 mediante User Groups. (número 3 de 3) • https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •