60 matches found
CVE-2022-43707
MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data...
Cross site scripting
MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data...
MyBB Cross-Site Scripting Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB versions prior to 1.8.32, which stems from a...
PT-2022-27013 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.31. Description: The issue allows remote attackers to inject HTML via user input or stored data due to a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor). Recommendations: For MyBB version 1.8.31, as...
MyBB 1.8.25 - Chained Remote Command Execution
Exploit Title: MyBB 1.8.25 - Chained Remote Command Execution. Exploit Author: SivertPL. Date: 19.03.2021. Description: Nested autourl Stored XSS - templateset second order SQL Injection leading to RCE through improper string interpolation in eval. Software Link:...
MyBB Cross-Site Scripting Vulnerability (CNVD-2021-12661)
MyBB is a free open source forum software. A stored cross-site scripting vulnerability exists in MyBB versions prior to 1.8.25. An attacker can exploit this vulnerability by nesting email MyCode tags to conduct cross-site scripting attacks...
CVE-2021-27279
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
CVE-2021-27279
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
Design/Logic Flaw
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
CVE-2021-27279
CVE-2021-27279 affects MyBB prior to 1.8.25. The vulnerability is a stored XSS via nested [email] tags in MyCode (BBCode), enabling script injection when processing user-supplied content. Product: MyBB (forum software); affected version range: before 1.8.25. Root cause: improper sanitization of B...
CVE-2021-27279
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
PT-2021-17383 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.25. Description: The issue allows stored XSS via nested email tags with MyCode (aka BBCode). Recommendations: For versions prior to 1.8.25, update to version 1.8.25 or later to resolve the issue...
Cross site scripting
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
PT-2020-14219 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.24. Description: The issue arises from improper input escaping in the custom MyCode for the visual editor, leading to a DOM-based XSS vulnerability. This can be exploited by directing a victim to a page with the visu...
CVE-2019-12830
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to video BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue...
CVE-2019-12830
CVE-2019-12830 affects MyBB releases before 1.8.21. A parsing flaw in the Private Message / Post renderer allows a crafted [video] BBCode to cause persistent XSS, enabling an attacker to take over a user’s forum account. The issue is described across multiple sources (NVD entry and Red Hat/CNVD v...
mybb -- vulnerabilities
mybb Team reports: High risk: Theme import stylesheet name RCE; High risk: Nested video MyCode persistent XSS; Medium risk: Find Orphaned Attachments reflected XSS; Medium risk: Post edit reflected XSS; Medium risk: Private Messaging folders SQL injection; Low risk: Potential phar deserialization...
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
Cross site scripting
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
CVE-2018-17128
Summary: CVE-2018-17128 affects MyBB’s Visual Editor (pre-1.8.19). The issue is a persistent XSS introduced through the Video MyCode in posts, enabling attacker-controlled JavaScript execution in a victim’s browser when replying to a thread. The vulnerability is tied to the Video or videotype han...