Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94395 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch Release Notes Vendor Advisory |
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94395 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ | Patch Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/11/10/8 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/11/18/1 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/94395 - Third Party Advisory, VDB Entry | |
References | () https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/ - Patch, Release Notes, Vendor Advisory |
Information
Published : 2017-01-31 22:59
Updated : 2024-11-21 03:01
NVD link : CVE-2016-9409
Mitre link : CVE-2016-9409
CVE.ORG link : CVE-2016-9409
JSON object : View
Products Affected
mybb
- mybb
- merge_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')