Description

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.

Remediation

References

CVE-2008-3966

Related Vulnerabilities

MySQL CVE-2016-0655 Vulnerability (CVE-2016-0655)

WebLogic Observable Discrepancy Vulnerability (CVE-2019-3739)

WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8130)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2015-8394)

Severity

Medium

Classification

CVE-2008-3966 CWE-707

Tags

Missing Update Known Vulnerabilities