FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mybb -- vulnerabilities

Affected packages
mybb < 1.8.21

Details

VuXML ID 13960f55-8d35-11e9-9ba0-4c72b94353b5
Discovery 2019-06-10
Entry 2019-06-12

mybb Team reports:

High risk: Theme import stylesheet name RCE

High risk: Nested video MyCode persistent XSS

Medium risk: Find Orphaned Attachments reflected XSS

Medium risk: Post edit reflected XSS

Medium risk: Private Messaging folders SQL injection

Low risk: Potential phar deserialization through Upload Path

References

URL https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/