Description

Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2016-9421

Related Vulnerabilities

WordPress Plugin GamePress-The Game Database Cross-Site Scripting (1.1.0)

MySQL CVE-2019-2819 Vulnerability (CVE-2019-2819)

IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156)

WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Cross-Site Request Forgery (1.13.4)

Severity

Medium

Classification

CVE-2016-9421 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities