Description

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."

Remediation

References

CVE-2015-8976

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1760)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Multiple Cross-Site Scripting Vulnerabilities (4.15.17)

WordPress Ultimate Member Plugin Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-6859)

Liferay DXP CVE-2021-33330 Vulnerability (CVE-2021-33330)

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)

Severity

Medium

Classification

CVE-2015-8976 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities