Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
References
Link Resource
https://github.com/joelister/bug/issues/2 Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-31T13:16:35

Updated: 2021-08-31T13:16:35

Reserved: 2020-08-13T00:00:00


Link: CVE-2020-19049

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-08-31T14:15:25.390

Modified: 2021-09-07T20:45:48.423


Link: CVE-2020-19049

JSON object: View

cve-icon Redhat Information

No data.

CWE