Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94396 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Release Notes Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-01-31 22:59
Updated : 2024-02-04 19:11
NVD link : CVE-2016-9421
Mitre link : CVE-2016-9421
CVE.ORG link : CVE-2016-9421
JSON object : View
Products Affected
mybb
- merge_system
- mybb
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')