icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MyBB < 1.4.8 Multiple XSS

Medium

Synopsis

The remote web server is running a PHP application that is affected by multiple attack vectors.

Description

The remote web server is running a version of MyBB earlier than 1.4.8. Such versions reportedly fail to properly sanitize user-supplied data to unspecified parameters in the 'Archive' and 'Attachment' features of the application. An attacker could exploit this flaw to launch cross-site scripting attacks.

Solution

Upgrade to MyBB 1.4.8 or later.