FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
db2acdac-b5a7-11e8-8f6f-00e04c1ea73dmybb -- vulnerabilities

mybb Team reports:

High risk: Image MyCode “alt” attribute persistent XSS.

Medium risk: RSS Atom 1.0 item title persistent XSS.


Discovery 2018-08-22
Entry 2018-09-11
mybb
< 1.8.18

https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/
198a120d-c22d-11ea-9172-4c72b94353b5mybb -- multible vulnerabilities

mybb Team reports:

High risk: Installer RCE on settings file write

Medium risk: Arbitrary upload paths and Local File Inclusion RCE

Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data

Low risk: Open redirect on login

Low risk: SCEditor reflected XSS


Discovery 2019-12-30
Entry 2020-07-09
mybb
< 1.8.22

https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/
13960f55-8d35-11e9-9ba0-4c72b94353b5mybb -- vulnerabilities

mybb Team reports:

High risk: Theme import stylesheet name RCE

High risk: Nested video MyCode persistent XSS

Medium risk: Find Orphaned Attachments reflected XSS

Medium risk: Post edit reflected XSS

Medium risk: Private Messaging folders SQL injection

Low risk: Potential phar deserialization through Upload Path


Discovery 2019-06-10
Entry 2019-06-12
mybb
< 1.8.21

https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/
ab38d9f8-b787-11e8-8e7a-00e04c1ea73dmybb -- vulnerabilities

mybb Team reports:

High risk: Email field SQL Injection.

Medium risk: Video MyCode Persistent XSS in Visual Editor.

Low risk: Insufficient permission check in User CP’s attachment management.

Low risk: Insufficient email address verification.


Discovery 2018-09-11
Entry 2018-09-13
mybb
< 1.8.19

https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/
395ed9d5-3cca-11e9-9ba0-4c72b94353b5mybb -- vulnerabilities

mybb Team reports:

Medium risk: Reset Password reflected XSS

Medium risk: ModCP Profile Editor username reflected XSS

Low risk: Predictable CSRF token for guest users

Low risk: ACP Stylesheet Properties XSS

Low risk: Reset Password username enumeration via email


Discovery 2019-02-27
Entry 2019-03-02
Modified 2019-03-04
mybb
< 1.8.20_1

https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/