EUVD-2023-32144

Malicious code in bioql PyPI...

BIT-MYBB-2023-28467

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

MyBB < 1.8.34 XSS Vulnerability

MyBB is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...

CVE-2023-28467

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

Design/Logic Flaw

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

CVE-2023-28467

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

CVE-2023-28467

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

CVE-2023-28467

CVE-2023-28467 affects MyBB prior to 1.8.34. The vulnerability is a cross-site scripting (XSS) flaw in the User CP module that can be triggered via the user email field. Public sources consistently describe the issue as an XSS in the User Control Panel before version 1.8.34, with no additional de...

MyBB Delete Account Plugin 1.4 - Cross-Site Scripting

Exploit Title: MyBB Delete Account Plugin 1.4 - Cross-Site Scripting Date: 1/25/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://github.com/vintagedaddyo/MyBBPlugin-DeleteAccount/ Version: 1.4 Tested on: Windows 10 1. Description: This plugin allows users to delete...

mybb -- vulnerabilities

mybb Team reports: High risk: Email field SQL Injection. Medium risk: Video MyCode Persistent XSS in Visual Editor. Low risk: Insufficient permission check in User CP’s attachment management. Low risk: Insufficient email address verification...

Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Information Disclosure

Description: Invision Power Board version 4.1.19.2 current version as of this release and below, is vulnerable to pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18 and stored XSS in the Announcements. The vulnerability in the IPS UTF8 Converter can easily be used to make a malicious...

CVE-2017-8899

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...

CVE-2017-8899

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...

CVE-2017-8899

CVE-2017-8899 affects Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier. The issue is a composite of Stored XSS and Information Disclosure in the attachments feature within User CP. The primary cause is the ability to upload an SVG document with a crafted attribute such as onload...

MyBB Profile Wii Friend Code - Multiple Vulnerabilities

No description provided by source. Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:Profile of intext:Wii Friend Code inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code Software Link:...

MyBB Profile Wii Friend Code - Multiple Vulnerabilities

Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code Software Link:...

MyBB Profile Wii Friend Code - Multiple Vulnerabilities

MyBB Profile Wii Friend Code - Multiple Vulnerabilities Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code...

MyBB Profile Wii Friend Code Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:member.php Date: 1/3/2013 Exploit Author: Ichi Vendor Homepage: http://mods.mybb.com/view/profile-wii-friend-code Softwar...

PT-2007-2274 · Atsphp · Atsphp

Name of the Vulnerable Software and Affected Versions: Atsphp version 5.0.1 Description: Multiple PHP remote file inclusion issues allow remote attackers to execute arbitrary PHP code via a URL in the CONFpath parameter to API endpoints such as "index.php", "sources/usercp.php", or...