CVE-2015-8976

Name of the Vulnerable Software and Affected Versions MyBB versions prior to 1.6.18 MyBB versions 1.8.x prior to 1.8.6 MyBB Merge System versions prior to 1.8.6

Description A cross-site scripting (XSS) issue might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."

Recommendations For MyBB versions prior to 1.6.18, update to version 1.6.18 or later. For MyBB versions 1.8.x prior to 1.8.6, update to version 1.8.6 or later. For MyBB Merge System versions prior to 1.8.6, update to version 1.8.6 or later.