CVE-2021-47934— MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MyBB | MyBB Timeline Plugin | 1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47934
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF
Source: NVD (National Vulnerability Database)
Vulnerability Description
MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
MyBB Timeline Plugin 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MyBB Timeline Plugin是MyBB公司的一个为MyBB论坛提供时间线动态展示与社交活动流功能的插件。 MyBB Timeline Plugin 1.0版本存在跨站脚本漏洞,该漏洞源于跨站脚本问题,可能导致攻击者通过线程标题、帖子内容和用户个人资料字段注入恶意脚本,以及通过跨站请求伪造漏洞更改用户封面图片。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MyBB | MyBB Timeline Plugin | 1.0 | - |
II. Public POCs for CVE-2021-47934
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47934
请登录查看更多情报信息。
Vendor Advisories for CVE-2021-47934 (1)
- MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF | Advisories | VulnCheckthird-party-advisory
Exploits & Public PoCs for CVE-2021-47934 (1)
Other References for CVE-2021-47934 (1)
- Extend MyBB - MyBB Timelineproduct
IV. Related Vulnerabilities
Same vendor: MyBB
- CVE-2018-25309
MyBB Recent threads 17.0 Persistent Cross-Site Scripting - CVE-2018-25250
MyBB Last User's Threads in Profile Plugin 1.2 Persistent XS - CVE-2018-25249
MyBB My Arcade Plugin 1.3 Persistent XSS via Comment - CVE-2018-25248
MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php - CVE-2018-25247
MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profile
Same weakness: CWE-79
- CVE-2018-25349
userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For He - CVE-2026-41147
NukeViet CMS: Stored Cross-Site Scripting (XSS) via insuffic - CVE-2026-40607
MantisBT is Vulnerable to Stored XSS Through its Saved-Filte - CVE-2026-40598
MantisBT has Potential Referer-Based Reflected HTML Injectio - CVE-2026-40597
MantisBT has a Content Security Policy bypass via attachment
V. Comments for CVE-2021-47934
No comments yet