First published: Tue Aug 31 2021(Updated: )
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | =1.8.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-19048 is a vulnerability in MyBB v1.8.20 that allows remote attackers to inject arbitrary web script or HTML via the "Title" field in the "Add New Forum" page.
CVE-2020-19048 has a severity rating of 5.4 (medium).
Remote attackers can exploit CVE-2020-19048 by performing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add' and injecting arbitrary web script or HTML in the "Title" field.
Yes, MyBB v1.8.20 is affected by CVE-2020-19048.
Yes, updating to a patched version of MyBB that addresses the vulnerability is the recommended fix for CVE-2020-19048.