Lucene search

MitreCVE-2008-4928

HistoryNov 04, 2008 - 9:00 p.m.

CVE-2008-4928

2008-11-0421:00:05

CWE-79

mitre

web.nvd.nist.gov

mybb

cross-site scripting

xss

remote attackers

web script

html

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.

Affected configurations

Nvd

Node

mybbmybbMatch1.4.2

VendorProductVersionCPE
mybbmybb1.4.2cpe:2.3:a:mybb:mybb:1.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	mybb	1.4.2	cpe:2.3:a:mybb:mybb:1.4.2:::::::*

References

archives.neohapsis.com/archives/bugtraq/2008-10/0203.html

archives.neohapsis.com/archives/bugtraq/2008-10/0212.html

archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html

www.openwall.com/lists/oss-security/2008/11/01/2

www.securityfocus.com/bid/31935

www.vupen.com/english/advisories/2008/2967

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

Related for CVE-2008-4928