Description
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shantz WordPress QOTD Cross-Site Request Forgery (1.2.2)
WordPress Plugin Thrive Apprentice Security Bypass (2.3.9.3)
Joomla Other Vulnerability (CVE-2005-3771)
WordPress Plugin Constant Contact for WordPress Unspecified Vulnerability (3.1.6)
WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1)