MyBB < 1.6.15 Video MyCode XSS

Medium | Nessus Plugin ID 81699

Synopsis

The remote web server hosts a PHP application that is affected by a cross-site scripting vulnerability.

Description

According to its version number, the MyBB application hosted on the remote web server is prior to 1.6.15. It is, therefore, potentially affected by a cross-site scripting vulnerability in video MyCode due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary script code within the context of the user's browser.

Solution

Upgrade to MyBB version 1.6.15 or later.

See Also

http://www.nessus.org/u?073e8110

Plugin Details

Severity: Medium

ID: 81699

File Name: mybb_1615.nasl

Version: 1.8

Type: remote

Published: 3/9/2015

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mybb:mybb

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/MyBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 8/4/2014

Vulnerability Publication Date: 8/4/2014

Reference Information

CVE: CVE-2014-5248