Lucene search

[email protected]CVE-2023-27890

HistoryApr 14, 2023 - 1:15 a.m.

CVE-2023-27890

2023-04-1401:15:07

CWE-79

[email protected]

web.nvd.nist.gov

mybb

xss

export user

admin

dsgvo

data security

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

55.9%

JSON

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected configurations

NVD

Node

export_user_projectexport_userRange≤2.0mybb

CPENameOperatorVersion
export_user_project:export_userexport user project export userle2.0

CPE	Name	Operator	Version
export_user_project:export_user	export user project export user	le	2.0

References

packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html

community.mybb.com/mods.php?action=view&pid=1408

community.mybb.com/user-121250.html