FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mybb -- vulnerabilities

Affected packages
mybb < 1.8.20_1

Details

VuXML ID 395ed9d5-3cca-11e9-9ba0-4c72b94353b5
Discovery 2019-02-27
Entry 2019-03-02
Modified 2019-03-04

mybb Team reports:

Medium risk: Reset Password reflected XSS

Medium risk: ModCP Profile Editor username reflected XSS

Low risk: Predictable CSRF token for guest users

Low risk: ACP Stylesheet Properties XSS

Low risk: Reset Password username enumeration via email

[source]

References

URL https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.