MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities

low Nessus Network Monitor Plugin ID 5879

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts MyBB, a web-based discussion board application. Versions of MyBB earlier than 1.4.15, or 1.6.x earlier than 1.6.2, are potentially affected by multiple issues:

- A cross-site scripting vulnerability exists in the 'modcp.php' script. (1464)

- A cross-site scripting vulnerability exists in the 'xmlhttp.php' script. (1460)

- A cross-site scripting issue exists relating to HTML content in posts. (1422)

Solution

Upgrade to MyBB 1.4.15, 1.6.2, or later.

See Also

http://blog.mybb.com/2011/02/22/mybb-1-6-2-and-1-4-15-security-update

http://dev.mybb.com/issues/1464

http://dev.mybb.com/issues/1460

http://dev.mybb.com/issues/1422

Plugin Details

Severity: Low

ID: 5879

Family: CGI

Published: 4/4/2011

Updated: 3/6/2019

Nessus ID: 53288

Vulnerability Information

Patch Publication Date: 2/22/2011

Vulnerability Publication Date: 2/22/2011

Reference Information

BID: 47131