CVE-2021-28968
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the email BBcode tag allows an authenticated user to inject arbitrary JavaScript into any forum message...
Authentication flaw
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the email BBcode tag allows an authenticated user to inject arbitrary JavaScript into any forum message...
Ashcs punbb cross-site scripting vulnerability
PunBB is a lightweight PHP-based forum system distributed under the GNU General Public License. A cross-site scripting vulnerability exists in the email BBcode tag in versions of PunBB prior to 1.4.6. An attacker can exploit this vulnerability to inject arbitrary JavaScript into any forum message...
MyBB < 1.8.25 XSS Vulnerability
MyBB is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mybb:mybb";...
Design/Logic Flaw
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
CVE-2021-27279
CVE-2021-27279 affects MyBB prior to 1.8.25. The vulnerability is a stored XSS via nested [email] tags in MyCode (BBCode), enabling script injection when processing user-supplied content. Product: MyBB (forum software); affected version range: before 1.8.25. Root cause: improper sanitization of B...
CVE-2021-27279
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
CVE-2020-26134
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode...
Cross site scripting
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode...
CVE-2020-26134
Live Helper Chat before 3.44v is affected by a stored XSS in chat messages via BBCode, exploitable by an operator. A security update 3.44v addresses this vulnerability. No details on exploitation beyond the described stored XSS are provided in the supplied documents.
Cross site scripting
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
CVE-2020-15139 XSS in MyBB
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...
CVE-2019-16108
Summary (CVE-2019-16108): phpBB 3.2.7 is vulnerable to CSS injection via BBCode that can inject an arbitrary CSS token sequence into a page. The root cause is insecure handling/validation of BBCode parameters, enabling an attacker to alter page styling. The vulnerability affects phpBB 3.2.7; no e...
Mail.ru: Stored XSS in Review Section https://games.mail.ru/
Stored XSS via malcrafted link bbcode in review editor...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...