GCVE - cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mybb:mybb:1.4.1:*:*:*:*:*:*:*

part: a version: 1.4.1 update: *

Vendor	Mybb (`8821e130-2590-5689-a7de-85bc65b3bdf4`)
Product	Mybb (`0a7c5598-1dcf-5314-89b1-60f621a820e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/mybb/mybb`	purl2cpe	2026-06-01 10:11:09.774084

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-7288`	vulnerable	2026-06-03 14:33:34.911774	Details available Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Published: 2014-01-10T16:00:00.000Z Updated: 2024-09-17T01:50:54.525Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/show/osvdb/101544	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7275`	vulnerable	2026-06-03 14:33:34.760038	Details available Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Published: 2014-01-08T15:00:00.000Z Updated: 2024-09-16T19:45:42.403Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/101545	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2327`	vulnerable	2026-06-03 14:31:52.543394	Details available MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-17T02:58:18.551Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2326`	vulnerable	2026-06-03 14:31:52.541737	Details available Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment. Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-16T16:37:30.858Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2325`	vulnerable	2026-06-03 14:31:52.540007	Details available SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors. Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-16T23:55:43.800Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2324`	vulnerable	2026-06-03 14:31:52.527418	Details available Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). Published: 2012-08-13T18:00:00.000Z Updated: 2024-09-16T18:18:14.658Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/53417 http://www.openwall.com/lists/oss-security/2012/05/07/13 http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ http://www.openwall.com/lists/oss-security/2012/05/07/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5133`	vulnerable	2026-06-03 14:31:27.955366	Details available Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." Published: 2012-08-30T22:00:00.000Z Updated: 2024-09-17T00:51:26.797Z Open on db.gcve.eu Reference links http://secunia.com/advisories/46951 http://www.osvdb.org/77325 http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ http://www.securityfocus.com/bid/50816	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5132`	vulnerable	2026-06-03 14:31:27.953941	Details available Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX." Published: 2012-08-30T22:00:00.000Z Updated: 2024-08-07T00:23:40.249Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/71461 http://secunia.com/advisories/46951 http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ http://www.securityfocus.com/bid/50816 http://www.osvdb.org/77326	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5131`	vulnerable	2026-06-03 14:31:27.942585	Details available Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. Published: 2012-08-30T22:00:00.000Z Updated: 2024-08-07T00:23:40.140Z Open on db.gcve.eu Reference links http://dev.mybb.com/issues/1729 http://www.osvdb.org/77327 http://secunia.com/advisories/46951 https://exchange.xforce.ibmcloud.com/vulnerabilities/71462 http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-5096`	vulnerable	2026-06-03 14:30:45.134201	Details available Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error. Published: 2012-08-13T23:00:00.000Z Updated: 2024-09-17T04:10:28.021Z Open on db.gcve.eu Reference links http://www.osvdb.org/70014 http://dev.mybb.com/issues/1330 http://www.openwall.com/lists/oss-security/2012/05/08/7 http://www.osvdb.org/70013 http://www.securityfocus.com/bid/45565	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.