Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mybb mybb 1.6.10 |
||
mybb mybb 1.6.2 |
||
mybb mybb 1.6.7 |
||
mybb mybb 1.6.9 |
||
mybb mybb |
||
mybb mybb 1.6.0 |
||
mybb mybb 1.6.3 |
||
mybb mybb 1.6.4 |
||
mybb mybb 1.6.5 |
||
mybb mybb 1.6.6 |
||
mybb mybb 1.6.1 |
||
mybb mybb 1.6.11 |
||
mybb mybb 1.6.8 |