PT-2006-1536 · Mybb · Mybb
Imei
·
Published
2006-01-31
·
Updated
2017-07-20
·
CVE-2006-0470
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB version 1.02
Description
A cross-site scripting (XSS) issue exists due to improper handling of the
sortby and sortordr parameters in the search.php file, allowing remote attackers to inject arbitrary web script or HTML.Recommendations
For MyBB version 1.02, as a temporary workaround, consider restricting access to the search.php file until a patch is available, and avoid using the
sortby and sortordr parameters in the affected API endpoint.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mybb