CVE-2018-10678
https://notcve.org/view.php?id=CVE-2018-10678
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. MyBB 1.8.15, cuando se accede a él mediante Microsoft Edge, gestiona de manera incorrecta 'target="_blank" rel="noopener"' en elementos A, lo que facilita que atacantes remotos lleven a cabo ataques de redirección. • https://github.com/hbranco/CVE-2018-10678 http://www.securityfocus.com/bid/104187 https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2018-7305
https://notcve.org/view.php?id=CVE-2018-7305
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. MyBB 1.8.14 no comprueba un token CSRF válido, lo que conduce al borrado arbitrario de cuentas de usuario. • https://websecnerd.blogspot.in/2018/02/mybb-forum-1_21.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-6844
https://notcve.org/view.php?id=CVE-2018-6844
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. MyBB 1.8.14 tiene XSS mediante los campos Title o Description en la pantalla Edit Forum. • https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16781 – MyBB 1.8.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16781
The installer in MyBB before 1.8.13 has XSS. El instalador en MyBB en versiones anteriores a la 1.8.13 tiene Cross-Site Scripting (XSS). • https://www.exploit-db.com/exploits/43137 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16780 – MyBB 1.8.13 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-16780
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. El instalador en MyBB en versiones anteriores a la 1.8.13 permite que atacantes remotos ejecuten código arbitrario escribiendo en el archivo de configuración. • https://www.exploit-db.com/exploits/43136 https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release • CWE-352: Cross-Site Request Forgery (CSRF) •