Description

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.

Remediation

References

CVE-2013-7288

Related Vulnerabilities

WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6)

MySQL CVE-2024-21171 Vulnerability (CVE-2024-21171)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-46150)

Oracle Database Server CVE-2011-0799 Vulnerability (CVE-2011-0799)

phpMyAdmin Improper Authentication Vulnerability (CVE-2018-12613)

Severity

Medium

Classification

CVE-2013-7288 CWE-707

Tags

Missing Update Known Vulnerabilities