GHSA-hc3q-25wm-mcp8

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

MyBB before 1.8.24 allows XSS because the visual editor mishandles [align], [size], [quote], and [font] in MyCode.

Ссылки

https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj
https://nvd.nist.gov/vuln/detail/CVE-2020-17447
https://blog.mybb.com/2020/08/09/mybb-1-8-24-released-security-release

CVE ID

CVE-2020-17447

Связанные уязвимости

CVE-2020-17447

nvd

больше 5 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-15139. Reason: This candidate is a duplicate of CVE-2020-15139. Notes: All CVE users should reference CVE-2020-15139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

CVE ID

CVE-2020-17447