CVE-2018-6844
https://notcve.org/view.php?id=CVE-2018-6844
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. MyBB 1.8.14 tiene XSS mediante los campos Title o Description en la pantalla Edit Forum. • https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16781 – MyBB 1.8.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16781
The installer in MyBB before 1.8.13 has XSS. El instalador en MyBB en versiones anteriores a la 1.8.13 tiene Cross-Site Scripting (XSS). • https://www.exploit-db.com/exploits/43137 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16780 – MyBB 1.8.13 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-16780
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. El instalador en MyBB en versiones anteriores a la 1.8.13 permite que atacantes remotos ejecuten código arbitrario escribiendo en el archivo de configuración. • https://www.exploit-db.com/exploits/43136 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-8104
https://notcve.org/view.php?id=CVE-2017-8104
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. En MyBB en versiones anteriores a 1.8.11, el módulo smilie permite Salto de Directorio a través del parámetro pathfolder. • http://seclists.org/fulldisclosure/2017/Apr/55 http://www.securityfocus.com/bid/98045 https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-8103
https://notcve.org/view.php?id=CVE-2017-8103
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. En MyBB en versiones anteriores a 1.8.11, el componente Email MyCode permite XSS, como lo demuestra un evento onmouseover. • http://seclists.org/fulldisclosure/2017/Apr/53 https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •