Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MyBB 'functions.php'跨站脚本执行漏洞
Vulnerability Description
MyBB是一款流行的Web论坛程序。 MyBB中的脚本文件functions.php中重定向功能存在跨站脚本攻击漏洞。MyBB moderation.php文件中的redirect()函数使用AJAX开关允许JavaScript重新定向,如果用户在请求中包含有 htmlspecialchars无法转义的单引号的话,就可以执行跨站脚本攻击,导致以提升的权限执行任意操作,包括PHP和SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A