Description

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

Remediation

References

CVE-2015-8973

Related Vulnerabilities

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20183)

WordPress Plugin Zendesk Help Center by BestWebSoft Cross-Site Scripting (1.0.4)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2933)

Joomla! Core 3.x.x SQL Injection (3.2.0 - 3.4.4)

Severity

High

Classification

CVE-2015-8973 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities