Description
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Security Bypass (2.7.2)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670)
WordPress 4.8.x Arbitrary File Deletion Vulnerability (4.8 - 4.8.6)
Envoy Proxy Incomplete Cleanup Vulnerability (CVE-2023-35945)