Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
References
Link | Resource |
---|---|
http://secunia.com/advisories/55945 | Vendor Advisory |
http://www.securityfocus.com/bid/64570 | |
http://osvdb.org/101545 | |
http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release | Vendor Advisory |
https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8 | Exploit Patch |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-01-08 07:29
Updated : 2014-02-25 06:03
NVD link : CVE-2013-7275
Mitre link : CVE-2013-7275
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mybb
- mybb