Cross-Site Scripting Vulnerability in MyBB Bulletin Board Software
CVE-2015-8975

6.1MEDIUM

Key Information:

Vendor

Mybb

Vendor
CVE Published:
31 January 2017

What is CVE-2015-8975?

An XSS vulnerability has been identified in MyBB's error handling system, which could enable remote attackers to inject arbitrary web scripts or HTML through various vectors. This flaw exists in MyBB versions prior to 1.6.18 and 1.8.x before 1.8.6, as well as in the MyBB Merge System prior to 1.8.6, posing a risk to users who may unknowingly interact with malicious content. It is crucial for administrators to update their MyBB installations to mitigate this risk.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.