4 matches found
MyBB 1.4.10 'myps.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37464/info MyBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CVE-2009-4813
CVE-2009-4813 describes a cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) version 1.4.10, specifically in the script file myps.php. The issue arises when processing the donate action where the username parameter is not properly sanitized, allowing a remote attacker to inject ar...
Design/Logic Flaw
inc/functionstime.php in MyBB aka MyBulletinBoard 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service CPU consumption via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors...
PT-2009-6570 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions 1.4.10 and earlier Description: The issue allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters when changing the user avatar fr...