Description
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.
Remediation
References
Related Vulnerabilities
Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-7489)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)