CVE-2012-2326

MyBB <1.6.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.

References (4)

Scores

EPSS 0.0034
EPSS Percentile 56.6%

Classification

CWE
CWE-79
Status published

Affected Products (50)

mybb/mybb < 1.6.6
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
mybb/mybb
... and 35 more

Timeline

Published Aug 13, 2012
Tracked Since Feb 18, 2026