Description

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.

Remediation

References

CVE-2016-9409

Related Vulnerabilities

WordPress Plugin Flip Slideshow Cross-Site Scripting (2.2)

WordPress Plugin Download Plugin Unspecified Vulnerability (1.6.1)

Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)

ownCloud Files or Directories Accessible to External Parties Vulnerability (CVE-2015-4715)

WordPress Plugin Payment Form for PayPal Pro Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

Severity

Medium

Classification

CVE-2016-9409 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities