CVE-2008-4930

MyBB aka MyBulletinBoard 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing....

Decidim cross-site scripting (XSS) in the admin panel

Impact The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually b...