Page 8 of 76 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. MyBB 1.8.14 tiene XSS mediante los campos Title o Description en la pantalla Edit Forum. • https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

The installer in MyBB before 1.8.13 has XSS. El instalador en MyBB en versiones anteriores a la 1.8.13 tiene Cross-Site Scripting (XSS). • https://www.exploit-db.com/exploits/43137 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. El instalador en MyBB en versiones anteriores a la 1.8.13 permite que atacantes remotos ejecuten código arbitrario escribiendo en el archivo de configuración. • https://www.exploit-db.com/exploits/43136 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. En MyBB en versiones anteriores a 1.8.11, el módulo smilie permite Salto de Directorio a través del parámetro pathfolder. • http://seclists.org/fulldisclosure/2017/Apr/55 http://www.securityfocus.com/bid/98045 https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. En MyBB en versiones anteriores a 1.8.11, el componente Email MyCode permite XSS, como lo demuestra un evento onmouseover. • http://seclists.org/fulldisclosure/2017/Apr/53 https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •