CVE-2018-25247

The CVE-2018-25247 entry concerns MyBB Like Plugin 3.0.0, which is vulnerable to cross-site scripting via user profiles. The root cause is unvalidated subject content in posts/threads, allowing an attacker to craft post subjects containing script tags that execute when other users view the attack...

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting XSS via a thread subject and a cross-site request forgery CSRF via a post subject...