Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1840

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-1840
Last Modified 04 Mar 2014 12:36:10
Published 03 Mar 2014 11:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1840

Summary

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.

Vulnerable Systems

Application

  • Mybb 1.6.0

  • Mybb 1.6.1

  • Mybb 1.6.10

  • Mybb 1.6.11

  • Mybb 1.6.12

  • Mybb 1.6.2

  • Mybb 1.6.3

  • Mybb 1.6.4

  • Mybb 1.6.5

  • Mybb 1.6.6

  • Mybb 1.6.7

  • Mybb 1.6.8

  • Mybb 1.6.9


References

MISC - http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html

MISC - http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/


Last Updated: 27 May 2016 11:04:32