Description

Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2016-9421

Related Vulnerabilities

WordPress Plugin Inline Related Posts Multiple Cross-Site Scripting Vulnerabilities (3.0.4)

WordPress Plugin Developer Formatter Cross-Site Request Forgery (2012.0.1.39)

Joomla Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-4104)

WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.40)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17294)

Severity

Medium

Classification

CVE-2016-9421 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities