CVE-2010-4522

Name of the Vulnerable Software and Affected Versions MyBB versions 1.4.14, and 1.6.x before 1.6.1

Description The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved through vectors related to the "editpost.php", "member.php", and "newreply.php" files.

Recommendations For MyBB version 1.4.14, update to a version later than 1.4.14 to resolve the issue. For MyBB versions 1.6.x before 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "editpost.php", "member.php", and "newreply.php" files until a patch is available.