Lucene search
K

252 matches found

NVD
NVD
added 2023/11/06 6:15 p.m.31 views

CVE-2023-46251

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

7.5CVSS7.5AI score0.00471EPSS
Exploits0References3
Prion
Prion
added 2023/11/06 6:15 p.m.13 views

Design/Logic Flaw

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

5.8CVSS6.4AI score0.00471EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/11/06 5:41 p.m.30 views

CVE-2023-46251 Visual editor persistent Cross-site Scripting (XSS) in MyBB

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

7.5CVSS7.6AI score0.00471EPSS
Exploits0References3
CVE
CVE
added 2023/11/06 5:41 p.m.58 views

CVE-2023-46251

Summary: CVE-2023-46251 is a DOM-based XSS vulnerability in MyBB’s visual editor (SCEditor) caused by improper escaping of input in custom MyCode. This can be triggered when a victim loads a page with a pre-filled or crafted MyCode message (e.g., posts or private messages). The issue can affect p...

7.5CVSS6.7AI score0.00471EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/06 5:41 p.m.21 views

CVE-2023-46251 Visual editor persistent Cross-site Scripting (XSS) in MyBB

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/11/06 5:41 p.m.13 views

CVE-2023-46251 Visual editor persistent Cross-site Scripting (XSS) in MyBB

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

7.5CVSS7.5AI score0.00471EPSS
Exploits0References3
Prion
Prion
added 2023/09/27 3:19 p.m.31 views

Remote code execution

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

7.5CVSS9.7AI score0.45401EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/21 12:0 a.m.7 views

The vulnerability of the Admin CP configuration module of the MyBB forum creation software allows a hacker to execute arbitrary code.

The vulnerability of the Admin CP module for the MyBB forum creation software is related to improper code generation during template processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.6AI score0.01641EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/08/16 9:15 p.m.23 views

CVE-2023-40033

Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...

7.1CVSS6.9AI score0.00421EPSS
Exploits0References2
CVE
CVE
added 2023/08/16 8:34 p.m.74 views

CVE-2023-40033

CVE-2023-40033 affects Flarum (forum software). The root cause is the intervention/image package interpreting uploaded file contents as a URL, enabling a blind SSRF attack and disclosure of server files when a user uploads a URL-laden file with a spoofed MIME type. Exploitation leads to SSRF, loc...

7.1CVSS6.9AI score0.00421EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/24 10:15 p.m.24 views

Path traversal

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...

7.5CVSS9.1AI score0.00834EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/07/24 9:8 p.m.73 views

CVE-2023-26045

CVE-2023-26045 affects NodeBB up to 2.8.7, where a path traversal in the user export path (due to object destructuring) could be triggered by a specially crafted payload to arbitrarily execute local JavaScript. Affected range: 2.5.0 through

10CVSS9.2AI score0.00834EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/24 9:8 p.m.55 views

CVE-2023-26045 NodeBB vulnerable to path traversal and code execution via prototype vulnerability

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...

10CVSS9.4AI score0.00834EPSS
Exploits0References3
OSV
OSV
added 2023/07/24 9:8 p.m.33 views

CVE-2023-26045 NodeBB vulnerable to path traversal and code execution via prototype vulnerability

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...

10CVSS8.7AI score0.00834EPSS
Exploits0References5
NVD
NVD
added 2023/03/10 9:15 p.m.23 views

CVE-2023-27577

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

6.6CVSS6.4AI score0.00851EPSS
Exploits0References2
Prion
Prion
added 2023/03/10 9:15 p.m.17 views

Path traversal

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

3.3CVSS5AI score0.00851EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/01/12 8:15 p.m.44 views

CVE-2023-22488

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

6.8CVSS6.5AI score0.00397EPSS
Exploits0References2
Prion
Prion
added 2023/01/12 8:15 p.m.20 views

Design/Logic Flaw

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

5.5CVSS5.3AI score0.00397EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/01/12 7:24 p.m.92 views

CVE-2023-22488

CVE-2023-22488 affects Flarum core notification logic. The vulnerability stems from the notification-sending flow not validating that the notification subject is visible to the recipient, enabling reading of restricted/private content via subscriptions. Impact includes leakage of posts (including...

6.8CVSS5.5AI score0.00397EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/01/11 8:15 p.m.18 views

Design/Logic Flaw

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

4CVSS4.4AI score0.00665EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder