CVE-2013-7275

MyBB <1.6.12 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.

References (5)

[Vendor Advisory] http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release

[Vendor Advisory] http://secunia.com/advisories/55945

[Exploit, Patch] https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64570

[Third Party Advisory, VDB Entry] http://osvdb.org/101545

Scores

EPSS 0.0032

EPSS Percentile 54.8%

Details

CWE

CWE-79

Status published

Products (50)

mybb/mybb < 1.6.11

mybb/mybb

... and 40 more

Published Jan 08, 2014

Tracked Since Feb 18, 2026