Description
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x Security Bypass (8.0.0 - 8.2.7)
WordPress Plugin Ultimate Responsive Image Slider Unspecified Vulnerability (3.3.2)
Nginx Other Vulnerability (CVE-2019-9513)
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8624)