Description

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.

Remediation

References

CVE-2013-7288

Related Vulnerabilities

Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-32778)

WebLogic CVE-2019-2618 Vulnerability (CVE-2019-2618)

WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)

Oracle JRE CVE-2013-2417 Vulnerability (CVE-2013-2417)

Oracle Database Server CVE-2020-2734 Vulnerability (CVE-2020-2734)

Severity

Medium

Classification

CVE-2013-7288 CWE-707

Tags

Missing Update Known Vulnerabilities