Published: 03/12/2014 Updated: 05/12/2014

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x prior to 1.8.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mybb mybb 1.8.1
mybb mybb 1.8.0

#Title: MyBB 18X - Multiple Vulnerabilities #Date: 13112014 #Tested on: Linux / Apache 22 / PHP 5 (localhost) #Vendor: mybbcom #Version: => 181 - Latest ATM #Contact: smash@devilteampl #Author: Smash_ Latest MyBB forum software suffers on multiple vulnerabilities, including SQL Injection and Cross Site Scripting Such bugs may allow ...

CWE-79 http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/https://nvd.nist.gov https://www.exploit-db.com/exploits/35224/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-9241

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect