CVE-2021-47934

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.

Vulnerability Details

Published Date

May 16, 2026

Last Modified

May 18, 2026

CWE ID

CWE-79

Source

NVD

Vendor

MyBB

Product

MyBB Timeline Plugin

External References

https://community.mybb.com/mods.php?action=view&pid=1428
https://www.exploit-db.com/exploits/49467
https://www.vulncheck.com/advisories/mybb-timeline-plugin-cross-site-scripting-and-csrf

CVE-2021-47934

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment