Shodan
Vulnerabilities
Vulnerable Software
Mybb:  >> Mybb  Security Vulnerabilities
CVE-2014-9241
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
CVSS Score
4.3
EPSS Score
0.01
Published
2014-12-03
CVE-2014-9240
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
CVSS Score
7.5
EPSS Score
0.013
Published
2014-12-03
CVE-2014-5248
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-08-14
CVE-2014-1840
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-03-03
CVE-2013-7288
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-01-10
CVE-2013-7275
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-01-08
CVE-2012-5908
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
CVSS Score
4.3
EPSS Score
0.03
Published
2012-11-17
CVE-2012-5909
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2012-11-17
CVE-2011-5131
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
CVSS Score
6.8
EPSS Score
0.003
Published
2012-08-30
CVE-2011-5132
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
CVSS Score
4.3
EPSS Score
0.004
Published
2012-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved