CVE-2016-9407

2017-01-3122:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.

References

www.openwall.com/lists/oss-security/2016/11/10/8

www.openwall.com/lists/oss-security/2016/11/18/1

www.securityfocus.com/bid/94395

blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/