PT-2026-41448 · Mybb · Mybb Timeline Plugin

0Xb9

·

Published

2026-05-16

·

Updated

2026-05-17

·

CVE-2021-47934

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0
Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery flaw exists in the 'timeline.php' profile action, enabling attackers to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2021-47934

Affected Products

Mybb Timeline Plugin