CVE-2014-9241: XSS
First published: Wed Dec 03 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyBB | =1.8.0 | |
| MyBB | =1.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9241?
CVE-2014-9241 has a medium severity rating due to its potential for exploitation via cross-site scripting attacks.
How do I fix CVE-2014-9241?
To fix CVE-2014-9241, upgrade MyBB to version 1.8.2 or later, which includes patches for these vulnerabilities.
Which versions of MyBB are affected by CVE-2014-9241?
CVE-2014-9241 affects MyBB versions 1.8.0 and 1.8.1.
What types of attacks can exploit CVE-2014-9241?
CVE-2014-9241 can be exploited to conduct cross-site scripting (XSS) attacks, allowing attackers to inject malicious scripts into web pages.
Are there any known exploits for CVE-2014-9241?
Yes, CVE-2014-9241 is known to be exploitable by injecting arbitrary web scripts or HTML through specific parameters in MyBB.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/remedy
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/mybb
- canonical/mybb
- version/mybb/1.8.0
- version/mybb/1.8.1