CVE-2013-7275
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
08/01/2014
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:* | 1.6.11 (including) | |
| cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:beta4:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:pr1:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:pr2:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release
- http://osvdb.org/101545
- http://secunia.com/advisories/55945
- http://www.securityfocus.com/bid/64570
- https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8
- http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release
- http://osvdb.org/101545
- http://secunia.com/advisories/55945
- http://www.securityfocus.com/bid/64570
- https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8