CVE-2019-2022502.01.2020, 15:15MyBB before 1.8.22 allows an open redirect on login.Open RedirectEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.1 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 46%VendorProductVersionmybbmybb𝑥< 1.8.22𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-601 - URL Redirection to Untrusted Site ('Open Redirect')A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.Referenceshttps://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/https://mybb.com/versions/1.8.22/https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/https://mybb.com/versions/1.8.22/