CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19049
https://notcve.org/view.php?id=CVE-2020-19049
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo "Description" que se encuentra en la página "Add New Forum" haciendo una petición HTTP POST autenticada a "/Upload/admin/index.php?module=forum-management&action=add" • https://github.com/joelister/bug/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19048
https://notcve.org/view.php?id=CVE-2020-19048
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo "Title" que se encuentra en la página "Add New Forum" haciendo una petición HTTP POST autenticada a "/Upload/admin/index.php?module=forum-management&action=add" • https://github.com/joelister/bug/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27949
https://notcve.org/view.php?id=CVE-2021-27949
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. Una vulnerabilidad de tipo Cross-site Scripting en MyBB versiones anteriores a 1.8.26, por medio de las herramientas de moderación Custom • https://github.com/mybb/mybb/security/advisories/GHSA-cmmr-39v8-8rx2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27948
https://notcve.org/view.php?id=CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). Una vulnerabilidad de inyección SQL en MyBB versiones anteriores a 1.8.26 mediante User Groups. (número 3 de 3) • https://github.com/mybb/mybb/security/advisories/GHSA-3p9w-2q65-r6g2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27947
https://notcve.org/view.php?id=CVE-2021-27947
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). Una vulnerabilidad de inyección SQL en MyBB versiones anteriores a 1.8.26, por medio de la funcionalidad Copy Forum en Forum Management. (número 2 de 3) • https://github.com/mybb/mybb/security/advisories/GHSA-jjx8-8mcp-7h65 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •