Mybulletinboard@1.0 pr2 Security Vulnerabilities and Issues — Mybulletinboard@1.0 pr2 CVE List

Lucene search

MybulletinboardMybulletinboard1.0 pr2

12 matches found

CVE•added 2006/07/21 2:3 p.m.•58 views

CVE-2006-3761

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascrip...

4.3CVSS5.7AI score0.00866EPSS

CVE•added 2006/01/02 12:0 a.m.•48 views

CVE-2005-4603

Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.

4.3CVSS5.7AI score0.00527EPSS

CVE•added 2006/04/21 10:2 a.m.•48 views

CVE-2006-1974

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

7.5CVSS8.4AI score0.00453EPSS

CVE•added 2006/06/27 10:5 a.m.•47 views

CVE-2006-3243

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.

7.5CVSS8.8AI score0.00816EPSS

CVE•added 2006/03/19 11:6 a.m.•44 views

CVE-2006-1282

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.

4.3CVSS6.5AI score0.00674EPSS

CVE•added 2006/08/01 9:4 p.m.•42 views

CVE-2006-3954

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

5CVSS7.1AI score0.0022EPSS

CVE•added 2006/03/19 11:6 a.m.•36 views

CVE-2006-1281

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

3.5CVSS5.6AI score0.00976EPSS

CVE•added 2006/01/31 11:3 a.m.•33 views

CVE-2006-0470

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

4.3CVSS5.7AI score0.01248EPSS

CVE•added 2006/02/02 11:2 a.m.•33 views

CVE-2006-0523

SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.

7.5CVSS8.4AI score0.00619EPSS

CVE•added 2006/02/18 9:2 p.m.•33 views

CVE-2006-0770

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the det...

2.6CVSS5.5AI score0.00409EPSS

CVE•added 2006/01/22 8:3 p.m.•31 views

CVE-2006-0364

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, ...

4.3CVSS5.6AI score0.00674EPSS

CVE•added 2006/08/01 9:4 p.m.•30 views

CVE-2006-3953

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

4.3CVSS6AI score0.00323EPSS