2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in usercp.php in MyBulletinBoard MyBB 1.02 allow remote attackers to inject arbitrary web script or HTML via the 1 notepad parameter in a notepad action and 2 signature parameter in an editsig action. NOTE: These are different attack vectors, and...
CVE-2006-0219
CVE-2006-0219 affects MyBulletinBoard (MyBB) prior to 1.0.2. The advisory notes that the update path may omit/include older copies of critical files, enabling (1) SQL injection via an attachment name handled by inc/functions_upload.php (related to CVE-2005-4602) and (2) other issues tied to threa...