WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9241)

Description

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.

Remediation

References

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-0097)

ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)

ownCloud Improper Authentication Vulnerability (CVE-2020-10254)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.18)

Mailman Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-12108)

Severity

Medium

Classification

CVE-2014-9241 CWE-707

Tags

Missing Update Known Vulnerabilities