Description

MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.

Remediation

References

CVE-2018-10678

Related Vulnerabilities

WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.5)

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.19)

WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection (7.1.4)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)

WordPress Plugin bbPress Cross-Site Scripting (2.5.8)

Severity

Medium

Classification

CVE-2018-10678 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities