Devilshakerz

**Name of the Vulnerable Software and Affected Versions** MyBB version 1.8.19 **Description** The issue is related to a problem in the resetpassword function, which has XSS. **Recommendations** For MyBB version 1.8.19, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MyBB version 1.8.19 **Description** The issue allows remote attackers to obtain sensitive information. This occurs because the software discloses the username when it receives a password-reset request that lacks the `code` parameter. **Recommendations** For MyBB version 1.8.19, consider restricting access to the password-reset functionality until a patch is available. As a temporary workaround, avoid using the password-reset feature without properly validating the `code` parameter.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.20 **Description** A reflected XSS issue allows remote attackers to inject JavaScript via the `username` parameter in the ModCP Profile Editor. **Recommendations** For versions prior to 1.8.20, update to version 1.8.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the ModCP Profile Editor until the update is applied. Avoid using the `username` parameter in the affected module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** A cross-site scripting (XSS) issue might allow remote attackers to inject arbitrary web script or HTML via vectors related to login. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** A cross-site scripting (XSS) issue exists in the member validation component, potentially allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** A cross-site scripting (XSS) issue exists in the User control panel, potentially allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** A cross-site scripting (XSS) issue might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** A cross-site scripting (XSS) issue exists in the Mod control panel, potentially allowing remote attackers to inject arbitrary web script or HTML through editing user vectors. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** A cross-site scripting (XSS) issue exists in the Admin control panel, potentially allowing remote attackers to inject arbitrary web script or HTML. This is possible through vectors involving pruning logs. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue might allow remote attackers to obtain sensitive database information via vectors involving templates. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue is related to a missing permission check in the newreply.php file, which can be leveraged by remote attackers to have an unspecified impact. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.6.18 MyBB versions 1.8.x prior to 1.8.6 MyBB Merge System versions prior to 1.8.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For MyBB versions prior to 1.6.18, update to version 1.6.18 or later. For MyBB versions 1.8.x prior to 1.8.6, update to version 1.8.6 or later. For MyBB Merge System versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.6.18 MyBB versions 1.8.x prior to 1.8.6 MyBB Merge System versions prior to 1.8.6 **Description** A cross-site scripting (XSS) issue exists in the error handler of MyBB, potentially allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For MyBB versions prior to 1.6.18, update to version 1.6.18 or later. For MyBB versions 1.8.x prior to 1.8.6, update to version 1.8.6 or later. For MyBB Merge System versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.6.18 MyBB versions 1.8.x prior to 1.8.6 MyBB Merge System versions prior to 1.8.6 **Description** A cross-site scripting (XSS) issue might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files." **Recommendations** For MyBB versions prior to 1.6.18, update to version 1.6.18 or later. For MyBB versions 1.8.x prior to 1.8.6, update to version 1.8.6 or later. For MyBB Merge System versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.6.18 MyBB versions 1.8.x prior to 1.8.6 MyBB Merge System versions prior to 1.8.6 **Description** The issue allows remote attackers to obtain the installation path via vectors involving error log files. **Recommendations** For MyBB versions prior to 1.6.18, update to version 1.6.18 or later. For MyBB versions 1.8.x prior to 1.8.6, update to version 1.8.6 or later. For MyBB Merge System versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue allows remote attackers to obtain the installation path by sending mails, specifically targeting the Admin control panel. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue allows attackers to have an unspecified impact through vectors related to low adminsid and sid entropy. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue allows remote attackers to conduct clickjacking attacks. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.7 MyBB Merge System versions prior to 1.8.7 **Description** The issue allows remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories. **Recommendations** For MyBB versions prior to 1.8.7, update to version 1.8.7 or later. For MyBB Merge System versions prior to 1.8.7, update to version 1.8.7 or later.