2139 matches found

NVD
added 2026/06/28 2:16 a.m. | 10 views

CVE-2026-58054

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS 8.6 | EPSS 0.00272
Exploits: 0 | References: 2

EUVD
added 2026/06/28 1:32 a.m. | 8 views

EUVD-2026-39974

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS 8.6 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 2

Cvelist
added 2026/06/28 1:32 a.m. | 34 views

CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS 8.6 | EPSS 0.00272
Exploits: 0 | References: 2

CVE
added 2026/06/28 1:32 a.m. | 32 views

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

CVSS 8.6 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/28 12:00 a.m. | 10 views

PT-2026-53086

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.40. Description: An issue exists where users with limited Admin Control Panel (ACP) access can assign any usergroup to an account during creation or editing. This occurs because the verify_usergroup function in the user module...

CVSS 8.6 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 8

Cvelist
added 2026/05/16 3:26 p.m. | 42 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVSS 6.9 | EPSS 0.00232
Exploits: 0 | References: 3

CNNVD
added 2026/05/16 12:00 a.m. | 10 views

MyBB Timeline Plugin Cross-Site Scripting Vulnerability

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

CVSS 6.9 | AI score 5.6 | EPSS 0.00232
Exploits: 0 | References: 1

NVD
added 2026/04/29 8:16 p.m. | 3 views

CVE-2018-25309

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

CVSS 7.2 | EPSS 0.00261
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/29 7:24 p.m. | 2 views

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

CVSS 7.2 | AI score 5.3 | EPSS 0.00261
Exploits: 1 | References: 3

EUVD
added 2026/04/29 7:24 p.m. | 3 views

EUVD-2018-21830

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

CVSS 7.2 | AI score 5.3 | EPSS 0.00261
Exploits: 1 | References: 3

Cvelist
added 2026/04/29 7:24 p.m. | 34 views

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

CVSS 7.2 | EPSS 0.00261
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/29 12:00 a.m. | 6 views

PT-2026-35992

Name of the Vulnerable Software and Affected Versions: MyBB Recent threads version 17.0. Description: A persistent cross-site scripting issue allows attackers to inject malicious scripts by creating threads with crafted subject lines. By using script tags in the subject parameter, an attacker can...

CVSS 7.2 | AI score 5.9 | EPSS 0.00261
Exploits: 1 | References: 5

CNNVD
added 2026/04/29 12:00 a.m. | 7 views

MyBB Recent threads Cross-Site Scripting Vulnerability

MyBB Recent threads is a plugin provided by MyBB Corporation that displays the latest topic lists on forums. Version 17.0 of MyBB Recent threads contains a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting, allowing attackers to inject malicious...

CVSS 7.2 | AI score 5.9 | EPSS 0.00261
Exploits: 1 | References: 1

NVD
added 2026/04/04 2:16 p.m. | 4 views

CVE-2018-25250

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

CVSS 7.2 | EPSS 0.00201
Exploits: 1 | References: 3

NVD
added 2026/04/04 2:16 p.m. | 6 views

CVE-2018-25249

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...

CVSS 6.4 | EPSS 0.00254
Exploits: 1 | References: 3

Cvelist
added 2026/04/04 1:51 p.m. | 21 views

CVE-2018-25250 MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

CVSS 7.2 | EPSS 0.00201
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/04 1:51 p.m. | 3 views

CVE-2018-25249

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...

CVSS 6.4 | AI score 5.9 | EPSS 0.00254
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/04 1:51 p.m. | 7 views

CVE-2018-25250 MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

CVSS 7.2 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 3

Cvelist
added 2026/04/04 1:51 p.m. | 23 views

CVE-2018-25249 MyBB My Arcade Plugin 1.3 Persistent XSS via Comment

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...

CVSS 6.4 | EPSS 0.00254
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/04 1:51 p.m. | 5 views

CVE-2018-25250

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

CVSS 7.2 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 3 | Affected Software: 1