Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5132

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5132
Last Modified 13 Sep 2012 12:00:00
Published 30 Aug 2012 06:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5132

Summary

Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."

Vulnerable Systems

Application

  • Mybb 1.1.0

  • Mybb 1.1.1

  • Mybb 1.1.2

  • Mybb 1.1.3

  • Mybb 1.1.4

  • Mybb 1.1.5

  • Mybb 1.1.6

  • Mybb 1.1.7

  • Mybb 1.1.8

  • Mybb 1.2

  • Mybb 1.2.0

  • Mybb 1.2.1

  • Mybb 1.2.10

  • Mybb 1.2.11

  • Mybb 1.2.12

  • Mybb 1.2.13

  • Mybb 1.2.14

  • Mybb 1.2.2

  • Mybb 1.2.3

  • Mybb 1.2.4

  • Mybb 1.2.5

  • Mybb 1.2.6

  • Mybb 1.2.7

  • Mybb 1.2.8

  • Mybb 1.2.9

  • Mybb 1.3

  • Mybb 1.4.0

  • Mybb 1.4.1

  • Mybb 1.4.10

  • Mybb 1.4.11

  • Mybb 1.4.12

  • Mybb 1.4.13

  • Mybb 1.4.14

  • Mybb 1.4.15

  • Mybb 1.4.16

  • Mybb 1.4.2

  • Mybb 1.4.3

  • Mybb 1.4.4

  • Mybb 1.4.5

  • Mybb 1.4.6

  • Mybb 1.4.7

  • Mybb 1.4.8

  • Mybb 1.4.9

  • Mybb 1.5.1

  • Mybb 1.5.2

  • Mybb 1.6.0

  • Mybb 1.6.1

  • Mybb 1.6.2

  • Mybb 1.6.3

  • Mybb 1.6.4


References

XF - mybb-username-xss(71461)

BID - 50816

OSVDB - 77326

SECUNIA - 46951

CONFIRM - http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/


Last Updated: 27 May 2016 11:00:25