MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5879

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts MyBB, a web-based discussion board application. Versions of MyBB earlier than 1.4.15, or 1.6.x earlier than 1.6.2, are potentially affected by multiple issues:

- A cross-site scripting vulnerability exists in the 'modcp.php' script. (1464)

- A cross-site scripting vulnerability exists in the 'xmlhttp.php' script. (1460)

- A cross-site scripting issue exists relating to HTML content in posts. (1422)

Solution

Upgrade to MyBB 1.4.15, 1.6.2, or later.

See Also

http://blog.mybb.com/2011/02/22/mybb-1-6-2-and-1-4-15-security-update

http://dev.mybb.com/issues/1464

http://dev.mybb.com/issues/1460

http://dev.mybb.com/issues/1422

Plugin Details

Severity: Medium

ID: 5879

File Name: 5879.prm

Family: CGI

Published: 2011/04/04

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 53288

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 3.6

Temporal Score: 3.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

Patch Publication Date: 2011/02/22

Vulnerability Publication Date: 2011/02/22

Reference Information

BID: 47131