EUVD-2006-3597

Malware in sbrugna...

CVE-2020-15139

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

Cross site scripting

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

CVE-2020-15139 XSS in MyBB

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

CVE-2007-2963

Multiple cross-site scripting XSS vulnerabilities in Invision Power Board IPB or IP.Board 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via 1 modulebbcodeloader.php, 2 modulediv.php, 3 moduleemail.php, 4 moduleimage.php, 5 modulelink.php, or 6 the...

CVE-2007-2963

CVE-2007-2963 describes multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB/IP.Board) 2.2.2 and possibly earlier. The issues allow remote attackers to inject arbitrary web script or HTML via specific vectors in the web UI: (1) module_bbcodeloader.php, (2) module_div.p...

Local file inclusion in Farsinews3.0BETA1

if magicquotesgpc is Off in php.ini then local file inclusion in /jscripts/tinymce/tinymcegzip.php is available to use;!! why? codejscripts/tinymce/tinymcegzip.php ... $theme = isset$REQUEST'theme' ? $REQUEST'theme' : ""; $language = isset$REQUEST'language' ? $REQUEST'language' : ""; $plugins =...