MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-13
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
CVSS Score
4.9
EPSS Score
0.001
Published
2018-02-21
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-02-08
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-11-10
The installer in MyBB before 1.8.13 has XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-10
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-24
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVSS Score
5.3
EPSS Score
0.013
Published
2017-04-24
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
CVSS Score
7.7
EPSS Score
0.006
Published
2017-04-06
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.037
Published
2017-01-31
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.
CVSS Score
9.8
EPSS Score
0.053
Published
2017-01-31