MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 5879 (Low)

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts MyBB, a web-based discussion board application. Versions of MyBB earlier than 1.4.15, or 1.6.x versions earlier than 1.6.2, are potentially affected by multiple issues:

- A cross-site scripting vulnerability exists in the 'modcp.php' script. (1464)

- A cross-site scripting vulnerability exists in the 'xmlhttp.php' script. (1460)

- A cross-site scripting issue exists relating to HTML content in posts. (1422)

Solution

Upgrade to MyBB 1.4.15, 1.6.2, or later.

See Also

http://blog.mybb.com/2011/02/22/mybb-1-6-2-and-1-4-15-security-update

http://dev.mybb.com/issues/1464

http://dev.mybb.com/issues/1460

http://dev.mybb.com/issues/1422

Plugin Details

Severity: Low

ID: 5879

Family: CGI

Published: 4/4/2011

Updated: 3/6/2019

Nessus ID: 53288

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

Patch Publication Date: 2/22/2011

Vulnerability Publication Date: 2/22/2011

Reference Information

BID: 47131