What is GHSA-9cv3-xr79-r4jw?

GHSA-9cv3-xr79-r4jw is a security advisory published by GitHub Security Advisories with Medium severity. MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to...

Which CVE IDs does GHSA-9cv3-xr79-r4jw cover?

GHSA-9cv3-xr79-r4jw covers the following CVE IDs: CVE-2021-47934. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9cv3-xr79-r4jw?

GHSA-9cv3-xr79-r4jw has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-9cv3-xr79-r4jwMediumCVSS 5.3

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2021-47934 →

📋 Description

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2021-47934
https://community.mybb.com/mods.php?action=view&pid=1428
https://www.exploit-db.com/exploits/49467
https://www.vulncheck.com/advisories/mybb-timeline-plugin-cross-site-scripting-and-csrf
https://github.com/advisories/GHSA-9cv3-xr79-r4jw