Description

Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

Remediation

References

CVE-2007-0544

Related Vulnerabilities

WordPress Plugin Simple Share Buttons Adder Cross-Site Scripting (5.6)

Jboss EAP CVE-2011-1483 Vulnerability (CVE-2011-1483)

WordPress Plugin WooCommerce Cart Expiration PHP Object Injection (0.1.0)

WordPress Plugin wSecure Lite Remote Code Execution (2.3)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3997)

Severity

Medium

Classification

CVE-2007-0544

Tags

Missing Update Known Vulnerabilities