What is the severity of CVE-2013-7275?

CVE-2013-7275 is classified as a high severity vulnerability due to its potential to allow attackers to execute arbitrary scripts.

How do I fix CVE-2013-7275?

To fix CVE-2013-7275, upgrade to MyBB version 1.6.12 or later where the vulnerability has been patched.

What types of attacks can CVE-2013-7275 facilitate?

CVE-2013-7275 can facilitate cross-site scripting (XSS) attacks, which allow attackers to inject and execute malicious scripts in a user's browser.

Which versions of MyBB are affected by CVE-2013-7275?

CVE-2013-7275 affects MyBB versions prior to 1.6.12, including multiple earlier versions.

Is there a workaround for CVE-2013-7275 if I can’t update MyBB?

If an immediate update isn't possible for CVE-2013-7275, restrict access to input fields in the frontend to minimize exposure to the vulnerability.

Vulnerability/
CVE-2013-7275

medium

4.3

CWE

8/1/2014

25/2/2014

CVE-2013-7275: XSS

First published: Wed Jan 08 2014(Updated: )

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MyBB	<=1.6.11
MyBB	=1.00
MyBB	=1.0-beta4
MyBB	=1.0-pr1
MyBB	=1.0-pr2
MyBB	=1.0-rc1
MyBB	=1.0-rc2
MyBB	=1.0-rc3
MyBB	=1.0-rc4
MyBB	=1.01
MyBB	=1.1.0
MyBB	=1.1.1
MyBB	=1.1.2
MyBB	=1.1.3
MyBB	=1.1.4
MyBB	=1.1.5
MyBB	=1.1.6
MyBB	=1.1.7
MyBB	=1.1.8
MyBB	=1.02
MyBB	=1.2
MyBB	=1.2.0
MyBB	=1.2.1
MyBB	=1.2.2
MyBB	=1.2.3
MyBB	=1.2.4
MyBB	=1.2.5
MyBB	=1.2.6
MyBB	=1.2.7
MyBB	=1.2.8
MyBB	=1.2.9
MyBB	=1.2.10
MyBB	=1.2.11
MyBB	=1.2.12
MyBB	=1.2.13
MyBB	=1.2.14
MyBB	=1.03
MyBB	=1.3-pre-1.0
MyBB	=1.04
MyBB	=1.4.0
MyBB	=1.4.1
MyBB	=1.4.2
MyBB	=1.4.3
MyBB	=1.4.4
MyBB	=1.4.5
MyBB	=1.4.6
MyBB	=1.4.7
MyBB	=1.4.8
MyBB	=1.4.9
MyBB	=1.4.10
MyBB	=1.4.11
MyBB	=1.4.12
MyBB	=1.4.13
MyBB	=1.4.14
MyBB	=1.4.15
MyBB	=1.4.16
MyBB	=1.5.1
MyBB	=1.5.2
MyBB	=1.6.0
MyBB	=1.6.1
MyBB	=1.6.2
MyBB	=1.6.3
MyBB	=1.6.4
MyBB	=1.6.5
MyBB	=1.6.6
MyBB	=1.6.7
MyBB	=1.6.8
MyBB	=1.6.9
MyBB	=1.6.10

Remedy

https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7275?
CVE-2013-7275 is classified as a high severity vulnerability due to its potential to allow attackers to execute arbitrary scripts.
How do I fix CVE-2013-7275?
To fix CVE-2013-7275, upgrade to MyBB version 1.6.12 or later where the vulnerability has been patched.
What types of attacks can CVE-2013-7275 facilitate?
CVE-2013-7275 can facilitate cross-site scripting (XSS) attacks, which allow attackers to inject and execute malicious scripts in a user's browser.
Which versions of MyBB are affected by CVE-2013-7275?
CVE-2013-7275 affects MyBB versions prior to 1.6.12, including multiple earlier versions.
Is there a workaround for CVE-2013-7275 if I can’t update MyBB?
If an immediate update isn't possible for CVE-2013-7275, restrict access to input fields in the frontend to minimize exposure to the vulnerability.

agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/weakness
agent/remedy
agent/references
agent/author
agent/description
agent/event
vendor/mybb
canonical/mybb
version/mybb/1.6.11
version/mybb/1.00
version/mybb/1.0-beta4
version/mybb/1.0-pr1
version/mybb/1.0-pr2
version/mybb/1.0-rc1
version/mybb/1.0-rc2
version/mybb/1.0-rc3
version/mybb/1.0-rc4
version/mybb/1.01
version/mybb/1.1.0
version/mybb/1.1.1
version/mybb/1.1.2
version/mybb/1.1.3
version/mybb/1.1.4
version/mybb/1.1.5
version/mybb/1.1.6
version/mybb/1.1.7
version/mybb/1.1.8
version/mybb/1.02
version/mybb/1.2
version/mybb/1.2.0
version/mybb/1.2.1
version/mybb/1.2.2
version/mybb/1.2.3
version/mybb/1.2.4
version/mybb/1.2.5
version/mybb/1.2.6
version/mybb/1.2.7
version/mybb/1.2.8
version/mybb/1.2.9
version/mybb/1.2.10
version/mybb/1.2.11
version/mybb/1.2.12
version/mybb/1.2.13
version/mybb/1.2.14
version/mybb/1.03
version/mybb/1.3-pre-1.0
version/mybb/1.04
version/mybb/1.4.0
version/mybb/1.4.1
version/mybb/1.4.2
version/mybb/1.4.3
version/mybb/1.4.4
version/mybb/1.4.5
version/mybb/1.4.6
version/mybb/1.4.7
version/mybb/1.4.8
version/mybb/1.4.9
version/mybb/1.4.10
version/mybb/1.4.11
version/mybb/1.4.12
version/mybb/1.4.13
version/mybb/1.4.14
version/mybb/1.4.15
version/mybb/1.4.16
version/mybb/1.5.1
version/mybb/1.5.2
version/mybb/1.6.0
version/mybb/1.6.1
version/mybb/1.6.2
version/mybb/1.6.3
version/mybb/1.6.4
version/mybb/1.6.5
version/mybb/1.6.6
version/mybb/1.6.7
version/mybb/1.6.8
version/mybb/1.6.9
version/mybb/1.6.10