Description

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.

Remediation

References

CVE-2013-7288

Related Vulnerabilities

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)

WordPress Plugin WPtouch Open Redirect (3.4.9)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21015)

WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (3.5)

Severity

Medium

Classification

CVE-2013-7288 CWE-707

Tags

Missing Update Known Vulnerabilities