GCVE - cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mybb:mybb:1.6.5:*:*:*:*:*:*:*

part: a version: 1.6.5 update: *

Vendor	Mybb (`8821e130-2590-5689-a7de-85bc65b3bdf4`)
Product	Mybb (`0a7c5598-1dcf-5314-89b1-60f621a820e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/mybb/mybb`	purl2cpe	2026-06-01 10:11:09.774127

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-5248`	vulnerable	2026-06-03 14:34:05.795913	Details available Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. Published: 2014-08-14T18:00:00.000Z Updated: 2024-09-16T21:04:27.064Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59707 http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1840`	vulnerable	2026-06-03 14:33:48.644594	Details available Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message. Published: 2014-03-03T16:00:00.000Z Updated: 2024-08-06T09:50:11.072Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7288`	vulnerable	2026-06-03 14:33:34.912310	Details available Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Published: 2014-01-10T16:00:00.000Z Updated: 2024-09-17T01:50:54.525Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/show/osvdb/101544	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7275`	vulnerable	2026-06-03 14:33:34.771403	Details available Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Published: 2014-01-08T15:00:00.000Z Updated: 2024-09-16T19:45:42.403Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/101545	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2327`	vulnerable	2026-06-03 14:31:52.543742	Details available MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-17T02:58:18.551Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2326`	vulnerable	2026-06-03 14:31:52.542098	Details available Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment. Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-16T16:37:30.858Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2325`	vulnerable	2026-06-03 14:31:52.540374	Details available SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors. Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-16T23:55:43.800Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2324`	vulnerable	2026-06-03 14:31:52.538563	Details available Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-16T18:18:14.658Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.