CVE-2021-47934

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published May 16, 2026

Vendor unknown

Description

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.

References

https://community.mybb.com/mods.php?action=view&pid=1428
https://www.exploit-db.com/exploits/49467
https://www.vulncheck.com/advisories/mybb-timeline-plugin-cross-site-scripting-and-csrf