Description

Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2016-9405

Related Vulnerabilities

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple SQL Injection Vulnerabilities (3.8.2)

WordPress Improper Input Validation Vulnerability (CVE-2018-20152)

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.2)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Multiple Vulnerabilities (3.3.0)

WordPress Plugin Advanced Custom Fields:reCAPTCHA Field Security Bypass (1.1.1)

Severity

Medium

Classification

CVE-2016-9405 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities