CVE-2016-9409

2017-01-3122:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.

References

www.openwall.com/lists/oss-security/2016/11/10/8

www.openwall.com/lists/oss-security/2016/11/18/1

www.securityfocus.com/bid/94395

blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/