PT-2006-1536 · Mybb · Mybb
Imei
·
Publicado
2006-01-31
·
Atualizado
2017-07-20
·
CVE-2006-0470
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB version 1.02
Description
A cross-site scripting (XSS) issue exists due to improper handling of the
sortby and sortordr parameters in the search.php file, allowing remote attackers to inject arbitrary web script or HTML.Recommendations
For MyBB version 1.02, as a temporary workaround, consider restricting access to the search.php file until a patch is available, and avoid using the
sortby and sortordr parameters in the affected API endpoint.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mybb