Mybb Merge System 1.8.6 MyBulletinBoard Cross Site Scripting Vulnerability

Summary

Mybb Merge System is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user

Credit:

The information has been provided by jamslater.
The original article can be found at: http://www.securityfocus.com/bid/94395


Details

Vulnerable Systems:
 * Mybb Merge System 1.8.6
 * Mybb 1.8.6

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.

CVE Information:
CVE-2016-9409

Disclosure Timeline:
Publish Date : 2017-01-31
Last Update Date : 2017-02-03

Categories: News