{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:01:48.853","vulnerabilities":[{"cve":{"id":"CVE-2020-19049","sourceIdentifier":"cve@mitre.org","published":"2021-08-31T14:15:25.390","lastModified":"2024-11-21T05:08:56.127","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the \"Description\" field found in the \"Add New Forum\" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross Site Scripting (XSS) en MyBB versión v1.8.20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo \"Description\" que se encuentra en la página \"Add New Forum\" haciendo una petición HTTP POST autenticada a \"/Upload/admin/index.php?module=forum-management&action=add\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.20:*:*:*:*:*:*:*","matchCriteriaId":"9588B1DB-5ED6-43CE-8B95-78989C75A59E"}]}]}],"references":[{"url":"https://github.com/joelister/bug/issues/2","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/joelister/bug/issues/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}