CVE-2012-2326

EUVD-2012-2319
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
mybbmybb
𝑥
≤ 1.6.6
mybbmybb
1.00
mybbmybb
1.0:beta4
mybbmybb
1.0:pr1
mybbmybb
1.0:pr2
mybbmybb
1.0:rc1
mybbmybb
1.0:rc2
mybbmybb
1.0:rc3
mybbmybb
1.0:rc4
mybbmybb
1.01
mybbmybb
1.1.0
mybbmybb
1.1.1
mybbmybb
1.1.2
mybbmybb
1.1.3
mybbmybb
1.1.4
mybbmybb
1.1.5
mybbmybb
1.1.6
mybbmybb
1.1.7
mybbmybb
1.1.8
mybbmybb
1.02
mybbmybb
1.2.0
mybbmybb
1.2.1
mybbmybb
1.2.2
mybbmybb
1.2.3
mybbmybb
1.2.4
mybbmybb
1.2.5
mybbmybb
1.2.6
mybbmybb
1.2.7
mybbmybb
1.2.8
mybbmybb
1.2.9
mybbmybb
1.2.10
mybbmybb
1.2.11
mybbmybb
1.2.12
mybbmybb
1.2.13
mybbmybb
1.2.14
mybbmybb
1.03
mybbmybb
1.3:pre-1.0
mybbmybb
1.04
mybbmybb
1.4.0
mybbmybb
1.4.1
mybbmybb
1.4.2
mybbmybb
1.4.3
mybbmybb
1.4.4
mybbmybb
1.4.5
mybbmybb
1.4.6
mybbmybb
1.4.7
mybbmybb
1.4.8
mybbmybb
1.4.9
mybbmybb
1.4.10
mybbmybb
1.4.11
mybbmybb
1.4.12
mybbmybb
1.4.13
mybbmybb
1.4.14
mybbmybb
1.4.15
mybbmybb
1.4.16
mybbmybb
1.5.1
mybbmybb
1.5.2
mybbmybb
1.6.1
mybbmybb
1.6.2
mybbmybb
1.6.3
mybbmybb
1.6.4
mybbmybb
1.6.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
http://www.openwall.com/lists/oss-security/2012/05/07/13
http://www.openwall.com/lists/oss-security/2012/05/07/14
http://www.securityfocus.com/bid/53417
http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
http://www.openwall.com/lists/oss-security/2012/05/07/13
http://www.openwall.com/lists/oss-security/2012/05/07/14
http://www.securityfocus.com/bid/53417