Syini666

**Name of the Vulnerable Software and Affected Versions** MyBB version 1.0 PR2 Rev 686 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via two main avenues: the subject field when creating a new thread and information passed to the Reputation system. **Recommendations** For MyBB version 1.0 PR2 Rev 686, as a temporary workaround, consider restricting user input in the subject field when creating new threads and limiting the information that can be passed to the Reputation system until a fix is available.

**Name of the Vulnerable Software and Affected Versions** MyBulletinBoard (MyBB) version 1.0 PR2 Rev 686 **Description** The issue allows remote attackers to delete or move private messages (PM) by modifying fields in the inbox form. **Recommendations** For MyBB version 1.0 PR2 Rev 686, as a temporary workaround, consider restricting access to the inbox form until a patch is available.