CVE-2018-14499

HYBBS (through 2016-03-08) contains an XSS vulnerability that can be triggered via the article title when posting to post.html. The description in multiple sources confirms this flaw but does not provide affected versions beyond the date window or remediation guidance.

CVE-2019-10644

HYBBS 2.2 has a CSRF vulnerability on the /?admin/user.html page that can add an administrator account. The connected sources confirm the affected software/version and the vulnerable endpoint; no exploit details or fixes are provided in the documents. No root-cause or remediation specifics are st...