Description
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bold Page Builder PHP Object Injection (3.1.5)
WordPress Plugin Share on Diaspora Cross-Site Scripting (0.7.1)
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-9861)
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-36231)