Description
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)
SharePoint CVE-2020-16941 Vulnerability (CVE-2020-16941)
WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1)
WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)
Apache read beyond bounds in mod_isapi Vulnerability (CVE-2022-28330)