Summary
This host is running MyBB and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials.
Impact Level: Application.
Solution
Upgrade to version 1.6.13 or later.
For updates refer to http://www.mybb.com
Insight
The flaw is due to input passed via the 'keywords' parameter to 'search.php', which is not properly sanitised before it is used.
Affected
MyBB version 1.6.12. Other versions may also be affected.
Detection
Send a crafted exploit string via an HTTP POST request and check whether it can be read back.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2014-1840
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N