Posted by Steffen Rösemann on Feb 21

Advisory: Stored XSS-Vulnerabilities in MyBB v. 1.8.3
Advisory ID: SROEADV-2015-15
Author: Steffen Rösemann
Affected Software: MyBB v. 1.8.3
Vendor URL: http://www.mybb.com
Vendor Status: patched
CVE-ID: –

==========================
Vulnerability Description:
==========================

MyBB v. 1.8.3 suffers from multiple stored XSS-vulnerabilities in the
administrative backend.

==================
Technical Details:
==================

The…