SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).

index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter.

Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message).

Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.