FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

These are the vulnerabilities relating to the commit you have selected:

VuXML ID / Description
395ed9d5-3cca-11e9-9ba0-4c72b94353b5 mybb -- vulnerabilities

mybb Team reports:

Medium risk: Reset Password reflected XSS

Medium risk: ModCP Profile Editor username reflected XSS

Low risk: Predictable CSRF token for guest users

Low risk: ACP Stylesheet Properties XSS

Low risk: Reset Password username enumeration via email


Discovery 2019-02-27
Entry 2019-03-02
Modified 2019-03-04
mybb
lt 1.8.20_1

https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/
db2acdac-b5a7-11e8-8f6f-00e04c1ea73d mybb -- vulnerabilities

mybb Team reports:

High risk: Image MyCode “alt” attribute persistent XSS.

Medium risk: RSS Atom 1.0 item title persistent XSS.


Discovery 2018-08-22
Entry 2018-09-11
mybb
lt 1.8.18

https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/
bfd5d004-81d4-11e8-a29a-00e04c1ea73d mybb -- vulnerabilities

mybb Team reports:

High risk: Image and URL MyCode Persistent XSS

Medium risk: Multipage Reflected XSS

Low risk: ACP logs XSS

Low risk: Arbitrary file deletion via ACP’s Settings

Low risk: Login CSRF

Low risk: Non-video content embedding via Video MyCode


Discovery 2018-07-04
Entry 2018-07-07
mybb
lt 1.8.16

https://blog.mybb.com/2018/07/04/mybb-1-8-16-released-security-maintenance-release/
d50a50a2-2f3e-11e8-86f8-00e04c1ea73d mybb -- multiple vulnerabilities

mybb Team reports:

Medium risk: Tasks Local File Inclusion

Medium risk: Forum Password Check Bypass

Low risk: Admin Permissions Group Title XSS

Low risk: Attachment types file extension XSS

Low risk: Moderator Tools XSS

Low risk: Security Questions XSS

Low risk: Settings Management XSS

Low risk: Templates Set Name XSS

Low risk: Usergroup Promotions XSS

Low risk: Warning Types XSS


Discovery 2018-03-15
Entry 2018-03-24
mybb
lt 1.8.15

https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/
13960f55-8d35-11e9-9ba0-4c72b94353b5 mybb -- vulnerabilities

mybb Team reports:

High risk: Theme import stylesheet name RCE

High risk: Nested video MyCode persistent XSS

Medium risk: Find Orphaned Attachments reflected XSS

Medium risk: Post edit reflected XSS

Medium risk: Private Messaging folders SQL injection

Low risk: Potential phar deserialization through Upload Path


Discovery 2019-06-10
Entry 2019-06-12
mybb
lt 1.8.21

https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/
addad6de-d752-11e7-99bf-00e04c1ea73d mybb -- multiple vulnerabilities

mybb Team reports:

High risk: Language file headers RCE

Low risk: Language Pack Properties XSS


Discovery 2017-11-27
Entry 2017-12-02
mybb
lt 1.8.14

https://blog.mybb.com/2017/11/28/mybb-1-8-14-released-security-maintenance-release/
ab38d9f8-b787-11e8-8e7a-00e04c1ea73d mybb -- vulnerabilities

mybb Team reports:

High risk: Email field SQL Injection.

Medium risk: Video MyCode Persistent XSS in Visual Editor.

Low risk: Insufficient permission check in User CP’s attachment management.

Low risk: Insufficient email address verification.


Discovery 2018-09-11
Entry 2018-09-13
mybb
lt 1.8.19

https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/
7761288c-d148-11e7-87e5-00e04c1ea73d mybb -- multiple vulnerabilities

myBB Team reports:

High risk: Installer RCE on configuration file write

High risk: Language file headers RCE

Medium risk: Installer XSS

Medium risk: Mod CP Edit Profile XSS

Low risk: Insufficient moderator permission check in delayed moderation tools

Low risk: Announcements HTML filter bypass

Low risk: Language Pack Properties XSS.


Discovery 2017-11-07
Entry 2017-11-24
mybb
lt 1.8.13

https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/
198a120d-c22d-11ea-9172-4c72b94353b5 mybb -- multiple vulnerabilities

mybb Team reports:

High risk: Installer RCE on settings file write

Medium risk: Arbitrary upload paths and Local File Inclusion RCE

Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data

Low risk: Open redirect on login

Low risk: SCEditor reflected XSS


Discovery 2019-12-30
Entry 2020-07-09
mybb
lt 1.8.22

https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/