4.3
CVSSv2

CVE-2014-1840

Published: 03/03/2014 Updated: 04/03/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.

Affected Products

Vendor Product Versions
MybbMybb1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12

Mailing Lists

MyBB version 1612 POST cross site scripting proof of concept code ...