Ostro

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.2.13 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to API endpoints such as "portal.php" and functions within "inc/functions post.php". Recommendations: For MyBB versions prior to 1.2.13, update to version 1.2.13 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.2.13 Description: The issue is related to an unspecified vulnerability in the inc/datahandler/user.php file, which is likely connected to SQL injection. The vulnerability involves the `user['language']` variable. Recommendations: For versions prior to 1.2.13, update to version 1.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the inc/datahandler/user.php file or limiting the use of the `user['language']` variable until the update is applied.

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.2.13 Description: The issue is related to a directory traversal vulnerability in the inc/class language.php file, which is associated with the `$language` variable. The impact and attack vectors of this issue are not specified. Recommendations: For versions prior to 1.2.13, update to version 1.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the inc/class language.php file until a patch is applied. Avoid using the `$language` variable in sensitive operations until the issue is resolved.