Description

Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

Remediation

References

CVE-2007-0544

Related Vulnerabilities

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)

Joomla Cryptographic Issues Vulnerability (CVE-2014-7228)

WordPress Plugin bodi0`s Bots visits counter Cross-Site Scripting (0.8.1)

WordPress Plugin Email Log Information Disclosure (1.9)

WordPress Plugin WP Photo Album 'photo' Parameter SQL Injection (1.0)

Severity

Medium

Classification

CVE-2007-0544

Tags

Missing Update Known Vulnerabilities