Cross site scripting
MyBB MyBulletinBoard 1.1.0 does not set the constant KILLGLOBAL variable in 1 global.php and 2 inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting XSS or SQL injectio...