216.73.216.67

CVE-2021-47934

· Published 16/05/2026 16:16 · Modified 16/05/2026 16:16

Labels: CVE-2021-47934 2026-05-16CVE-2021-47934CWE-79[email protected]

Essential information

Published
16/05/2026 16:16
Modified
16/05/2026 16:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mybb / timeline plugin cpe:2.3:a:mybb:timeline_plugin:1.0:*:*:*:*:*:*:*

References