WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3966)

Description

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.

Remediation

References

Related Vulnerabilities

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1675)

Internet Information Services Other Vulnerability (CVE-1999-0233)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2851)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5204)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-48110)

Severity

Medium

Classification

CVE-2008-3966 CWE-707

Tags

Missing Update Known Vulnerabilities