CVE-2015-8975: XSS
First published: Tue Jan 31 2017(Updated: )
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyBB | =1.8.5 | |
| MyBB | <=1.6.17 | |
| MyBB | =1.8.0 | |
| MyBB | =1.8.1 | |
| MyBB | =1.8.2 | |
| MyBB | =1.8.3 | |
| MyBB | =1.8.4 | |
| MyBB | =1.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-8975?
CVE-2015-8975 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2015-8975?
To fix CVE-2015-8975, update MyBB to version 1.6.18 or 1.8.6 or later.
What versions of MyBB are affected by CVE-2015-8975?
CVE-2015-8975 affects MyBB versions prior to 1.6.18 and 1.8.x before 1.8.6.
Can CVE-2015-8975 lead to data theft?
Yes, CVE-2015-8975 could enable remote attackers to inject malicious scripts that may result in data theft.
Is the MyBB Merge System affected by CVE-2015-8975?
Yes, the MyBB Merge System is affected, specifically versions before 1.8.6.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mybb
- canonical/mybb
- version/mybb/1.8.5
- version/mybb/1.6.17
- version/mybb/1.8.0
- version/mybb/1.8.1
- version/mybb/1.8.2
- version/mybb/1.8.3
- version/mybb/1.8.4