First published: Tue Aug 31 2021(Updated: )
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | =1.8.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-19049.
The severity of CVE-2020-19049 is medium (5.4).
The affected software for CVE-2020-19049 is MyBB v1.8.20.
The vulnerability in MyBB v1.8.20 occurs due to Cross Site Scripting (XSS) where remote attackers can inject arbitrary web script or HTML via the 'Description' field in the 'Add New Forum' page by performing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
You can find more information about CVE-2020-19049 at the following URL: https://github.com/joelister/bug/issues/2