Every CVE whose affected-product data names Mybb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (140)
CVE-2006-0218 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1)…
CVE-2015-8974 — CVSS 10.0 (critical): SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x…
CVE-2011-5133 — CVSS 10.0 (critical): Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy…
CVE-2015-2786 — CVSS 10.0 (critical): Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request…
CVE-2011-10018 — CVSS 9.8 (critical): myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to…
CVE-2016-9402 — CVSS 9.8 (critical): SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might…
CVE-2016-9403 — CVSS 9.8 (critical): newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified…
CVE-2016-9412 — CVSS 9.8 (critical): MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related…
CVE-2016-9416 — CVSS 9.8 (critical): SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows…
CVE-2016-9420 — CVSS 9.8 (critical): MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors…
CVE-2017-16780 — CVSS 9.8 (critical): The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2021-27890 — CVSS 8.8 (high): SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
CVE-2020-15139 — CVSS 8.8 (high): In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML…
CVE-2023-53979 — CVSS 8.8 (high): MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute…
CVE-2019-12830 — CVSS 8.7 (high): In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode…
CVE-2015-8973 — CVSS 8.3 (high): xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers…
CVE-2025-29457 — CVSS 7.6 (high): An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier…
CVE-2025-29460 — CVSS 7.6 (high): An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes…
CVE-2025-29459 — CVSS 7.6 (high): An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this…
CVE-2025-29458 — CVSS 7.6 (high): An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier…
CVE-2008-3071 — CVSS 7.5 (high): Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the…
CVE-2016-9418 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain…
CVE-2008-3070 — CVSS 7.5 (high): Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the…
CVE-2016-9415 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite…
CVE-2016-9414 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by…
CVE-2014-9240 — CVSS 7.5 (high): SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL…
CVE-2015-2352 — CVSS 7.5 (high): The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function…
CVE-2008-0383 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL…
CVE-2016-9410 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database…
CVE-2005-4199 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via…
CVE-2007-1963 — CVSS 7.5 (high): SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows…
CVE-2015-8977 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the…
CVE-2007-2212 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute…
CVE-2008-3967 — CVSS 7.5 (high): moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and…
CVE-2008-4929 — CVSS 7.5 (high): MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it…
CVE-2012-2324 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL…
CVE-2012-2325 — CVSS 7.5 (high): SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before…
CVE-2010-5096 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands…
CVE-2008-3965 — CVSS 7.5 (high): SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL…
CVE-2023-46251 — CVSS 7.5 (high): MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when…
CVE-2012-5909 — CVSS 7.5 (high): SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute…
CVE-2016-9417 — CVSS 7.4 (high): The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to…
CVE-2025-48940 — CVSS 7.2 (high): MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which…
CVE-2021-43281 — CVSS 7.2 (high): MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management…
CVE-2021-27947 — CVSS 7.2 (high): SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
CVE-2022-24734 — CVSS 7.2 (high): MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting…
CVE-2022-39265 — CVSS 7.2 (high): MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters…
CVE-2022-45867 — CVSS 7.2 (high): MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to…
CVE-2019-12831 — CVSS 7.2 (high): In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too…
CVE-2023-41362 — CVSS 7.2 (high): MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was…
CVE-2018-1000502 — CVSS 7.2 (high): MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can…
CVE-2011-5131 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of…
CVE-2008-0788 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the…
CVE-2010-4627 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to…
CVE-2008-7082 — CVSS 6.8 (medium): MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split…
CVE-2015-2334 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows…
CVE-2016-9413 — CVSS 6.5 (medium): The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct…
CVE-2009-4449 — CVSS 6.5 (medium): Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from…
CVE-2016-9407 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote…
CVE-2015-8975 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB…
CVE-2015-8976 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before…
CVE-2016-9404 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote…
CVE-2016-9405 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7…
CVE-2016-9406 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before…
CVE-2016-9408 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before…
CVE-2016-9409 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before…
CVE-2016-9419 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before…
CVE-2016-9421 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB…
CVE-2017-8103 — CVSS 6.1 (medium): In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
CVE-2018-10678 — CVSS 6.1 (medium): MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote…
CVE-2018-15596 — CVSS 6.1 (medium): An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as…
CVE-2018-19201 — CVSS 6.1 (medium): A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the…
CVE-2018-19202 — CVSS 6.1 (medium): A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the…
CVE-2022-43707 — CVSS 6.1 (medium): MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML…
CVE-2022-43708 — CVSS 6.1 (medium): MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject…
CVE-2007-0544 — CVSS 6.0 (medium): Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary…
CVE-2007-1964 — CVSS 6.0 (medium): member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any…
CVE-2014-3827 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to…
CVE-2023-53978 — CVSS 5.4 (medium): myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated…
CVE-2020-19048 — CVSS 5.4 (medium): Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in…
CVE-2020-19049 — CVSS 5.4 (medium): Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found…
CVE-2023-53976 — CVSS 5.4 (medium): myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated…
CVE-2014-3826 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via…
CVE-2023-53977 — CVSS 5.4 (medium): myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated…
CVE-2024-52702 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary…
CVE-2023-45556 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name…
CVE-2018-17128 — CVSS 5.4 (medium): A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
CVE-2021-41866 — CVSS 5.4 (medium): MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
CVE-2016-9411 — CVSS 5.3 (medium): The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the…
CVE-2019-3579 — CVSS 5.3 (medium): MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset…
CVE-2017-8104 — CVSS 5.3 (medium): In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVE-2025-48941 — CVSS 5.3 (medium): MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which…
CVE-2010-4626 — CVSS 5.1 (medium): The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which…
CVE-2011-3759 — CVSS 5.0 (medium): MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals…
CVE-2012-2327 — CVSS 5.0 (medium): MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which…
CVE-2024-23336 — CVSS 5.0 (medium): MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which…
CVE-2015-2335 — CVSS 5.0 (medium): A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.
CVE-2009-4448 — CVSS 5.0 (medium): inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of…
CVE-2010-4629 — CVSS 5.0 (medium): MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to…
CVE-2010-4628 — CVSS 5.0 (medium): member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote…
CVE-2007-0689 — CVSS 5.0 (medium): MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter…
CVE-2010-4625 — CVSS 5.0 (medium): MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which…
CVE-2008-4930 — CVSS 5.0 (medium): MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which…
CVE-2007-0622 — CVSS 5.0 (medium): Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary…
CVE-2018-7305 — CVSS 4.9 (medium): MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
CVE-2022-43709 — CVSS 4.9 (medium): MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string…
CVE-2024-23335 — CVSS 4.7 (medium): MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the…
CVE-2006-0442 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary…
CVE-2015-4552 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote…
CVE-2011-5132 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors…
CVE-2013-7275 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject…
CVE-2008-4928 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote…
CVE-2009-4813 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web…
CVE-2008-3334 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2010-4522 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to…
CVE-2015-2333 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject…
CVE-2008-3966 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary…
CVE-2008-3069 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2015-2332 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject…
CVE-2018-1000503 — CVSS 4.3 (medium): MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private…
CVE-2014-9241 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject…
CVE-2014-5248 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors…
CVE-2012-2326 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote…
CVE-2012-5908 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to…
CVE-2014-1840 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web…
CVE-2013-7288 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before…
CVE-2010-4624 — CVSS 3.5 (low): MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes…
CVE-2015-2149 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote…