PT-2006-2297 · Mybb · Mybb
Published
2006-03-19
·
Updated
2018-10-18
·
CVE-2006-1281
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB versions 1.04 through 1.10
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the
url parameter in the member.php file.Recommendations
For MyBB versions 1.04 through 1.10, as a temporary workaround, consider restricting access to the member.php file until a patch is available. Avoid using the
url parameter in the affected file to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mybb