Description

Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.

Remediation

References

CVE-2015-4552

Related Vulnerabilities

MySQL CVE-2018-3283 Vulnerability (CVE-2018-3283)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress PHP Object Injection (4.3.2)

Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-4524)

WordPress Plugin YITH Desktop Notifications for WooCommerce Security Bypass (1.2.7)

IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2019-4151)

Severity

Medium

Classification

CVE-2015-4552 CWE-707

Tags

Missing Update Known Vulnerabilities