5.1

CVSS4.0

CVE-2018-25132 - MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

📅 Published: Jan. 23, 2026, 4:47 p.m. 🔄 Last Modified: April 9, 2026, 2:08 p.m.

5.1

CVSS4.0

CVE-2018-25116 - MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

📅 Published: Jan. 23, 2026, 4:47 p.m. 🔄 Last Modified: April 9, 2026, 2:12 p.m.

5.1

CVSS4.0

CVE-2025-71177 - LavaLite CMS <= 10.1.0 Stored XSS via Package Creation and Search

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without proper…

📅 Published: Jan. 23, 2026, 4:40 p.m. 🔄 Last Modified: March 5, 2026, 1:29 a.m.

6

CVSS4.0

CVE-2026-1299 - email BytesGenerator header injection due to unquoted newlines

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldi…

📅 Published: Jan. 23, 2026, 4:27 p.m. 🔄 Last Modified: April 16, 2026, 5:45 p.m.

0.0