Cross-Site Scripting Vulnerability in MyBB Admin Control Panel
CVE-2016-9409

6.1MEDIUM

Key Information:

Vendor

Mybb

Status
Mybb
Merge System
Vendor
CVE Published:
31 January 2017

What is CVE-2016-9409?

A cross-site scripting (XSS) vulnerability exists in the Admin control panel of MyBB, allowing attackers to inject arbitrary web scripts or HTML through log pruning vectors. If exploited, this flaw could enable unauthorized actions on behalf of legitimate users, posing a significant risk to the application's integrity and user data.

References

http://www.securityfocus.com/bid/94395
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/11/18/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/11/10/8
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.