MyBB 1.8.2 'usercp.php' HTML Injection Vulnerability

Nessus Network Monitor Plugin ID 8619 (High)


The remote web server is running an outdated PHP application that is prone to an HTML injection vulnerability.


The remote web server hosts MyBulletinBoard, a web-based discussion board application.

MyBB version 1.8.2 is prone to an HTML injection vulnerability; other versions may also be affected. The application fails to sufficiently sanitize user-supplied input submitted to the 'usertitle' POST parameter of the 'usercp.php' script. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, compromising its contents or granting unauthorized access.


Upgrade to MyBB version 1.8.3 or higher.

Plugin Details

Severity: High

ID: 8619

Family: CGI

Published: 2015/01/19

Modified: 2016/03/03

Dependencies: 9125

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mybb:mybb

Patch Publication Date: 2014/11/17

Vulnerability Publication Date: 2014/11/17

Reference Information

BID: 71270