MyBB < 1.4.6 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5012

Synopsis

The remote host is vulnerable to multiple attack vectors

Description

The version of MyBB installed on the remote host is vulnerable to an html-injection flaw. An attacker, exploiting this flaw, would be able to execute script code within the browser of an unsuspecting user. Allegedly, the host is also vulnerable to several unspecified vulnerabilities. While the details are sketchy, the vendor has addressed the issue.

Solution

Upgrade to MyBB 1.4.6 or later.

See Also

http://www.mybboard.com

Plugin Details

Severity: High

ID: 5012

Family: CGI

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

BID: 34798