Description
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Flow Plus Unspecified Vulnerability (2.2.0)
WordPress Plugin Advanced AJAX Page Loader Cross-Site Request Forgery (2.7.7)
WordPress CVE-2014-5203 Vulnerability (CVE-2014-5203)
WordPress Plugin BulletProof Security Cross-Site Scripting (.50.9)
WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)