CVE-2006-3761

Name of the Vulnerable Software and Affected Versions MyBB versions 1.0 RC2 through 1.1.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag. This can be demonstrated using "javascript".

Recommendations For MyBB versions 1.0 RC2 through 1.1.4, consider disabling the url BBCode tag until a patch is available to prevent exploitation of this issue. Restrict access to the inc/functions post.php file to minimize the risk of exploitation. Avoid using SGML numeric character references in the url BBCode tag until the issue is resolved.