Description

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.

Remediation

References

CVE-2013-7288

Related Vulnerabilities

WordPress Plugin Weather Effect-Christmas Santa Snow Falling Cross-Site Request Forgery (1.3.3)

WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Security Bypass (4.9.3)

WordPress Plugin Product Catalog X Cross-Site Request Forgery (1.5.12)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.30)

SharePoint CVE-2021-24072 Vulnerability (CVE-2021-24072)

Severity

Medium

Classification

CVE-2013-7288 CWE-707

Tags

Missing Update Known Vulnerabilities