
CVE-2018-1000503
https://notcve.org/view.php?id=CVE-2018-1000503
26 Jun 2018 — MyBB Group MyBB contains an Incorrect Access Control vulnerability in Private forums that can result in users viewing posts from private forums without having the password. This attack appears to be exploitable via subscribing to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15. • http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html • CWE-269: Improper Privilege Management

CVE-2018-7305
https://notcve.org/view.php?id=CVE-2018-7305
21 Feb 2018 — MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. • https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-6844
https://notcve.org/view.php?id=CVE-2018-6844
08 Feb 2018 — MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. • https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')