First published: Sat Jun 15 2019
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyBB MyBB | <1.8.21 | |
The vulnerability ID for this issue is CVE-2019-12830.
The severity of CVE-2019-12830 is high with a severity value of 8.7.
An attacker can exploit CVE-2019-12830 through a parsing flaw in the MyBB Private Message / Post renderer, injecting malicious code via the [video] BBCode, which results in persistent XSS.
The affected software version for CVE-2019-12830 is MyBB before 1.8.21.
To fix the vulnerability, upgrade MyBB to version 1.8.21 or later.