CVSS: 5.4EPSS: 1%CPEs: 1EXPL: 2CVE-2018-17128 – MyBB Visual Editor 1.8.18 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-17128
17 Sep 2018 — A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. Se ha descubierto un problema de Cross-Site Scripting (XSS) persistente en Visual Editor en MyBB en versiones anteriores a la 1.8.19 mediante Video MyCode. MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/149469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2018-15596 – MyBB 1.8.17 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-15596
28 Aug 2018 — An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. Se ha descubierto un problema en inc/class_feedgeneration.php en MyBB 1.8.17. • https://packetstorm.news/files/id/149316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •