First published: Mon Nov 21 2022(Updated: )
MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <1.8.32 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this MyBB issue is CVE-2022-43708.
The severity of CVE-2022-43708 is Medium.
The affected software version for CVE-2022-43708 is MyBB 1.8.31 up to exclusive 1.8.32.
The CWE category for CVE-2022-43708 is CWE-79.
Attackers can exploit CVE-2022-43708 by persuading the user to upload a file with a specially crafted name, which allows them to inject HTML via cross-site scripting (XSS) vulnerabilities in the post Attachments interface.