CVE-2021-47934

MEDIUM CVSS 5.3 View on NVD ↗

Description

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

https://community.mybb.com/mods.php?action=view&pid=1428
https://www.exploit-db.com/exploits/49467
https://www.vulncheck.com/advisories/mybb-timeline-plugin-cross-site-scripting-and-csrf

Published: May 16, 2026 16:16 UTC Modified: May 16, 2026 16:16 UTC