GCVE - cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mybb:mybb:1.6.0:*:*:*:*:*:*:*

part: a version: 1.6.0 update: *

Vendor	Mybb (`8821e130-2590-5689-a7de-85bc65b3bdf4`)
Product	Mybb (`0a7c5598-1dcf-5314-89b1-60f621a820e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/mybb/mybb`	purl2cpe	2026-06-01 10:11:09.774108

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-5248`	vulnerable	2026-06-03 14:34:05.793009	Details available Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. Published: 2014-08-14T18:00:00.000Z Updated: 2024-09-16T21:04:27.064Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59707 http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1840`	vulnerable	2026-06-03 14:33:48.641991	Details available Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message. Published: 2014-03-03T16:00:00.000Z Updated: 2024-08-06T09:50:11.072Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7288`	vulnerable	2026-06-03 14:33:34.912201	Details available Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Published: 2014-01-10T16:00:00.000Z Updated: 2024-09-17T01:50:54.525Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/show/osvdb/101544	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7275`	vulnerable	2026-06-03 14:33:34.769000	Details available Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Published: 2014-01-08T15:00:00.000Z Updated: 2024-09-16T19:45:42.403Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/101545	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5133`	vulnerable	2026-06-03 14:31:27.955653	Details available Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." Published: 2012-08-30T22:00:00.000Z Updated: 2024-09-17T00:51:26.797Z Open on db.gcve.eu Reference links http://secunia.com/advisories/46951 http://www.osvdb.org/77325 http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ http://www.securityfocus.com/bid/50816	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5132`	vulnerable	2026-06-03 14:31:27.954244	Details available Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX." Published: 2012-08-30T22:00:00.000Z Updated: 2024-08-07T00:23:40.249Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/71461 http://secunia.com/advisories/46951 http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ http://www.securityfocus.com/bid/50816 http://www.osvdb.org/77326	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5131`	vulnerable	2026-06-03 14:31:27.951078	Details available Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. Published: 2012-08-30T22:00:00.000Z Updated: 2024-08-07T00:23:40.140Z Open on db.gcve.eu Reference links http://dev.mybb.com/issues/1729 http://www.osvdb.org/77327 http://secunia.com/advisories/46951 https://exchange.xforce.ibmcloud.com/vulnerabilities/71462 http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3759`	vulnerable	2026-06-03 14:31:21.737267	Details available MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files. Published: 2011-09-23T23:00:00.000Z Updated: 2024-09-17T00:55:31.133Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2011/06/27/6 http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mybb-1.6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4522`	vulnerable	2026-06-03 14:30:42.269766	Details available Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php. Published: 2010-12-30T20:00:00.000Z Updated: 2024-09-16T20:22:36.682Z Open on db.gcve.eu Reference links http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/ http://openwall.com/lists/oss-security/2010/12/20/1 http://openwall.com/lists/oss-security/2010/12/22/2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.