MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5879


The remote web server is running a PHP application that is vulnerable to multiple attack vectors.


The remote web server hosts MyBB, a web-based discussion board application. Versions of MyBB earlier than 1.4.15, or 1.6.x earlier than 1.6.2 are potentially affected by multiple issues :

- A cross-site scripting vulnerability exists in the modcp.php script. (1464)

- A cross-site scripting vulnerabililty exists in the 'xmlhttp.php' script. (1460)

- A cross-site scripting issue exists relating to HTML content in posts. (1422)


Upgrade to MyBB 1.4.15, 1.6.2, or later.

See Also

Plugin Details

Severity: Medium

ID: 5879

File Name: 5879.prm

Family: CGI

Published: 2011/04/04

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 53288

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 3.6

Temporal Score: 3.5


Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

Patch Publication Date: 2011/02/22

Vulnerability Publication Date: 2011/02/22

Reference Information

BID: 47131