Summary
The host is running MyBB and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to inject arbitrary web script or HTML.
Impact Level: Application
Solution
Upgrade to MyBB version 1.6.1 or later.
For updates, refer to http://www.mybb.com/downloads
Insight
The flaws are caused by improper validation of user-supplied input via vectors related to 'editpost.php', 'member.php', and 'newreply.php'.
Affected
MyBB 1.6 and prior.
Severity
Classification
- CVE: CVE-2010-4522
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N