CVE-2014-9241

Name of the Vulnerable Software and Affected Versions MyBB versions 1.8.x before 1.8.2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including the type parameter to "report.php", the signature parameter in a "do editsig" action to "usercp.php", the title parameter in the style-templates module in an "edit template" action, or the file parameter in the config-languages module in an "edit" action to "admin/index.php".

Recommendations For MyBB versions 1.8.x before 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "report.php", "usercp.php", and "admin/index.php" scripts until the update is applied. Additionally, avoid using the vulnerable parameters type, signature, title, and file in the respective actions until the issue is resolved.