Description

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."

Remediation

References

CVE-2015-8976

Related Vulnerabilities

Magento Session Fixation Vulnerability (CVE-2019-7849)

WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)

Microsoft SQL Server CVE-2023-32027 Vulnerability (CVE-2023-32027)

Oracle Database Server CVE-2023-22075 Vulnerability (CVE-2023-22075)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8)

Severity

Medium

Classification

CVE-2015-8976 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities