PT-2019-18393 · Mybb · Mybb User Ip History Logs Plugin

0Xb9

Publicado

2019-01-28

Atualizado

2019-01-29

CVE-2019-6979

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MyBB User IP History Logs plugin version 1.0.2

Description An issue was discovered in the User IP History Logs plugin for MyBB, where there is a cross-site scripting (XSS) vulnerability via the useragent field in the admin/modules/tools/ip history logs.php API endpoint.

Recommendations For MyBB User IP History Logs plugin version 1.0.2, consider disabling the admin/modules/tools/ip history logs.php endpoint until a patch is available to prevent exploitation of the XSS vulnerability via the useragent field.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-6979

Produtos afetados

Mybb User Ip History Logs Plugin

PT-2019-18393 · Mybb · Mybb User Ip History Logs Plugin

CVE-2019-6979

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4