CVE-2015-8976: XSS
First published: Tue Jan 31 2017(Updated: )
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyBB | =1.8.5 | |
| MyBB | <=1.6.17 | |
| MyBB | =1.8.0 | |
| MyBB | =1.8.1 | |
| MyBB | =1.8.2 | |
| MyBB | =1.8.3 | |
| MyBB | =1.8.4 | |
| MyBB | =1.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-8976?
CVE-2015-8976 is considered a medium severity vulnerability due to its potential to allow arbitrary web script injection.
How do I fix CVE-2015-8976?
To fix CVE-2015-8976, upgrade MyBB to version 1.6.18 or newer for the 1.6.x series, or to version 1.8.6 or newer for the 1.8.x series.
Who is affected by CVE-2015-8976?
CVE-2015-8976 affects MyBB versions prior to 1.6.18 and 1.8.x prior to 1.8.6, as well as the MyBB Merge System prior to 1.8.6.
What type of vulnerability is CVE-2015-8976?
CVE-2015-8976 is classified as a cross-site scripting (XSS) vulnerability.
What can an attacker do with CVE-2015-8976?
An attacker exploiting CVE-2015-8976 can inject arbitrary web scripts or HTML into the affected MyBB applications.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mybb
- canonical/mybb
- version/mybb/1.8.5
- version/mybb/1.6.17
- version/mybb/1.8.0
- version/mybb/1.8.1
- version/mybb/1.8.2
- version/mybb/1.8.3
- version/mybb/1.8.4