CVE-2008-3966

2008-09-11T01:13:00
ID CVE-2008-3966
Type cve
Reporter cve@mitre.org
Modified 2008-11-15T07:19:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. Patch information - http://community.mybboard.net/showthread.php?tid=36022