GCVE - cpe:2.3:a:mybb:mybb:1.6.10:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mybb:mybb:1.6.10:*:*:*:*:*:*:*

part: a version: 1.6.10 update: *

Vendor	Mybb (`8821e130-2590-5689-a7de-85bc65b3bdf4`)
Product	Mybb (`0a7c5598-1dcf-5314-89b1-60f621a820e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/mybb/mybb`	purl2cpe	2026-06-01 10:11:09.774111

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-5248`	vulnerable	2026-06-03 14:34:05.798717	Details available Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. Published: 2014-08-14T18:00:00.000Z Updated: 2024-09-16T21:04:27.064Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59707 http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1840`	vulnerable	2026-06-03 14:33:48.647161	Details available Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message. Published: 2014-03-03T16:00:00.000Z Updated: 2024-08-06T09:50:11.072Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7288`	vulnerable	2026-06-03 14:33:34.912414	Details available Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. Published: 2014-01-10T16:00:00.000Z Updated: 2024-09-17T01:50:54.525Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/show/osvdb/101544	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7275`	vulnerable	2026-06-03 14:33:34.773861	Details available Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. Published: 2014-01-08T15:00:00.000Z Updated: 2024-09-16T19:45:42.403Z Open on db.gcve.eu Reference links https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release http://secunia.com/advisories/55945 http://www.securityfocus.com/bid/64570 http://osvdb.org/101545	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.