icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts MyBB, a web-based discussion board application. Versions of MyBB earlier than 1.4.15, or 1.6.x earlier than 1.6.2 are potentially affected by multiple issues :

- A cross-site scripting vulnerability exists in the modcp.php script. (1464)

- A cross-site scripting vulnerabililty exists in the 'xmlhttp.php' script. (1460)

- A cross-site scripting issue exists relating to HTML content in posts. (1422)

Solution

Upgrade to MyBB 1.4.15, 1.6.2, or later.