CVE-2012-2326

Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
mybbmybb
𝑥
≤ 1.6.6
mybbmybb
1.00
mybbmybb
1.0:beta4
mybbmybb
1.0:pr1
mybbmybb
1.0:pr2
mybbmybb
1.0:rc1
mybbmybb
1.0:rc2
mybbmybb
1.0:rc3
mybbmybb
1.0:rc4
mybbmybb
1.01
mybbmybb
1.1.0
mybbmybb
1.1.1
mybbmybb
1.1.2
mybbmybb
1.1.3
mybbmybb
1.1.4
mybbmybb
1.1.5
mybbmybb
1.1.6
mybbmybb
1.1.7
mybbmybb
1.1.8
mybbmybb
1.02
mybbmybb
1.2.0
mybbmybb
1.2.1
mybbmybb
1.2.2
mybbmybb
1.2.3
mybbmybb
1.2.4
mybbmybb
1.2.5
mybbmybb
1.2.6
mybbmybb
1.2.7
mybbmybb
1.2.8
mybbmybb
1.2.9
mybbmybb
1.2.10
mybbmybb
1.2.11
mybbmybb
1.2.12
mybbmybb
1.2.13
mybbmybb
1.2.14
mybbmybb
1.03
mybbmybb
1.3:pre-1.0
mybbmybb
1.04
mybbmybb
1.4.0
mybbmybb
1.4.1
mybbmybb
1.4.2
mybbmybb
1.4.3
mybbmybb
1.4.4
mybbmybb
1.4.5
mybbmybb
1.4.6
mybbmybb
1.4.7
mybbmybb
1.4.8
mybbmybb
1.4.9
mybbmybb
1.4.10
mybbmybb
1.4.11
mybbmybb
1.4.12
mybbmybb
1.4.13
mybbmybb
1.4.14
mybbmybb
1.4.15
mybbmybb
1.4.16
mybbmybb
1.5.1
mybbmybb
1.5.2
mybbmybb
1.6.1
mybbmybb
1.6.2
mybbmybb
1.6.3
mybbmybb
1.6.4
mybbmybb
1.6.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
http://www.openwall.com/lists/oss-security/2012/05/07/13
http://www.openwall.com/lists/oss-security/2012/05/07/14
http://www.securityfocus.com/bid/53417
http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
http://www.openwall.com/lists/oss-security/2012/05/07/13
http://www.openwall.com/lists/oss-security/2012/05/07/14
http://www.securityfocus.com/bid/53417