Description

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.

Remediation

References

CVE-2013-7275

Related Vulnerabilities

MongoDb Resource Management Errors Vulnerability (CVE-2013-3969)

WordPress Plugin College publisher Import Arbitrary File Upload (0.1)

WordPress Plugin Newsletter-Send awesome emails from WordPress CSV Injection (6.5.3)

WordPress Plugin W3 Total Cache Server-Side Request Forgery (0.9.7.3)

WordPress Plugin WP Advanced Importer Cross-Site Scripting (2.1.1)

Severity

Medium

Classification

CVE-2013-7275 CWE-707

Tags

Missing Update Known Vulnerabilities