Lucene search

MitreCVE-2013-7275

HistoryJan 08, 2014 - 3:29 p.m.

CVE-2013-7275

2014-01-0815:29:56

CWE-79

mitre

web.nvd.nist.gov

cve-2013-7275

cross-site scripting

xss

mybb

mybulletinboard

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.

Affected configurations

Nvd

Node

mybbmybbRange≤1.6.11

mybbmybbMatch1.00

mybbmybbMatch1.0beta4

mybbmybbMatch1.0pr1

mybbmybbMatch1.0pr2

mybbmybbMatch1.0rc1

mybbmybbMatch1.0rc2

mybbmybbMatch1.0rc3

mybbmybbMatch1.0rc4

mybbmybbMatch1.01

mybbmybbMatch1.1.0

mybbmybbMatch1.1.1

mybbmybbMatch1.1.2

mybbmybbMatch1.1.3

mybbmybbMatch1.1.4

mybbmybbMatch1.1.5

mybbmybbMatch1.1.6

mybbmybbMatch1.1.7

mybbmybbMatch1.1.8

mybbmybbMatch1.02

mybbmybbMatch1.2

mybbmybbMatch1.2.0

mybbmybbMatch1.2.1

mybbmybbMatch1.2.2

mybbmybbMatch1.2.3

mybbmybbMatch1.2.4

mybbmybbMatch1.2.5

mybbmybbMatch1.2.6

mybbmybbMatch1.2.7

mybbmybbMatch1.2.8

mybbmybbMatch1.2.9

mybbmybbMatch1.2.10

mybbmybbMatch1.2.11

mybbmybbMatch1.2.12

mybbmybbMatch1.2.13

mybbmybbMatch1.2.14

mybbmybbMatch1.03

mybbmybbMatch1.3pre-1.0

mybbmybbMatch1.04

mybbmybbMatch1.4.0

mybbmybbMatch1.4.1

mybbmybbMatch1.4.2

mybbmybbMatch1.4.3

mybbmybbMatch1.4.4

mybbmybbMatch1.4.5

mybbmybbMatch1.4.6

mybbmybbMatch1.4.7

mybbmybbMatch1.4.8

mybbmybbMatch1.4.9

mybbmybbMatch1.4.10

mybbmybbMatch1.4.11

mybbmybbMatch1.4.12

mybbmybbMatch1.4.13

mybbmybbMatch1.4.14

mybbmybbMatch1.4.15

mybbmybbMatch1.4.16

mybbmybbMatch1.5.1

mybbmybbMatch1.5.2

mybbmybbMatch1.6.0

mybbmybbMatch1.6.1

mybbmybbMatch1.6.2

mybbmybbMatch1.6.3

mybbmybbMatch1.6.4

mybbmybbMatch1.6.5

mybbmybbMatch1.6.6

mybbmybbMatch1.6.7

mybbmybbMatch1.6.8

mybbmybbMatch1.6.9

mybbmybbMatch1.6.10

VendorProductVersionCPE
mybbmybb*cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
mybbmybb1.00cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:*
mybbmybb1.0cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:*
mybbmybb1.01cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	mybb	*	cpe:2.3:a:mybb:mybb::::::::
mybb	mybb	1.00	cpe:2.3:a:mybb:mybb:1.00:::::::*
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:beta4::::::
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:pr1::::::
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:pr2::::::
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:rc1::::::
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:rc2::::::
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:rc3::::::
mybb	mybb	1.0	cpe:2.3:a:mybb:mybb:1.0:rc4::::::
mybb	mybb	1.01	cpe:2.3:a:mybb:mybb:1.01:::::::*

Rows per page:

1-10 of 691

References

blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release

osvdb.org/101545

secunia.com/advisories/55945

www.securityfocus.com/bid/64570

github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2013-7275