PT-2019-18393 · Mybb · Mybb User Ip History Logs Plugin

0Xb9

Published

2019-01-28

Updated

2019-01-29

CVE-2019-6979

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MyBB User IP History Logs plugin version 1.0.2

Description An issue was discovered in the User IP History Logs plugin for MyBB, where there is a cross-site scripting (XSS) vulnerability via the useragent field in the admin/modules/tools/ip history logs.php API endpoint.

Recommendations For MyBB User IP History Logs plugin version 1.0.2, consider disabling the admin/modules/tools/ip history logs.php endpoint until a patch is available to prevent exploitation of the XSS vulnerability via the useragent field.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-6979

Affected Products

Mybb User Ip History Logs Plugin

PT-2019-18393 · Mybb · Mybb User Ip History Logs Plugin

CVE-2019-6979

Weakness Enumeration

Related Identifiers

Affected Products

References · 4