Description

Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.

Remediation

References

CVE-2015-4552

Related Vulnerabilities

WordPress 4.2.x Same Origin Method Execution (SOME) Vulnerability (4.2 - 4.2.7)

WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Cross-Site Request Forgery (3.2.0)

WordPress Plugin Polldaddy Polls & Ratings Unspecified Vulnerability (2.0.25)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

Joomla! Core 1.5.12 Arbitrary File Upload (1.5.12)

Severity

Medium

Classification

CVE-2015-4552 CWE-707

Tags

Missing Update Known Vulnerabilities