exploitDog

CVE-2019-12830

Опубликовано: 15 июн. 2019

Источник: nvd

CVSS3: 8.7

CVSS2: 3.5

EPSS Низкий

Описание

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.

Ссылки

https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/
Release Notes
Third Party Advisory
https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/
Exploit
Vendor Advisory
https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/
Release Notes
Third Party Advisory
https://blog.ripstech.com/2019/mybb-stored-xss-to-rce/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

Версия до 1.8.21 (исключая)

EPSS

Процентиль: 57%

0.00348

Низкий

8.7 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h3wx-4w3j-grr9

CVSS3: 8.7

github

больше 3 лет назад

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.

EPSS

Процентиль: 57%

0.00348

Низкий

8.7 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79