Description

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

Remediation

References

CVE-2015-8973

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-29506)

Drupal Core Cross-Site Scripting (8.0.0 - 9.2.21)

Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)

PHP Other Vulnerability (CVE-2004-1065)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19799)

Severity

High

Classification

CVE-2015-8973 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities