2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in usercp.php in MyBulletinBoard MyBB 1.02 allow remote attackers to inject arbitrary web script or HTML via the 1 notepad parameter in a notepad action and 2 signature parameter in an editsig action. NOTE: These are different attack vectors, and...
CVE-2006-0218
MyBB/MyBulletinBoard has multiple concrete issues in versions before 1.0.2, including CVE-2006-0218 (related to various files and likely SQL injection), CVE-2006-0219 (SQL injection via an attachment name and related threadmode issues in usercp.php), and CVE-2006-0442 (XSS in usercp.php). The fil...