NVD

Id
4717  
Name
CVE-2008-4928  
Description
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-03  
Published
2008-11-04  
Modified Date
2011-03-07  
Seq
2008-4928  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
29473 4717 CVE-2008-4928 20081027 MyBB 1.4.2: Multiple Vulnerabilties  View
29474 4717 CVE-2008-4928 20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties  View
29475 4717 CVE-2008-4928 20081027 MyBB 1.4.2: Multiple Vulnerabilties  View
29476 4717 CVE-2008-4928 [oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)  View
29477 4717 CVE-2008-4928 31935  View
29478 4717 CVE-2008-4928 ADV-2008-2967  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
49712 JVNDB-2008-005022 MyBB の functions.php におけるクロスサイトスクリプティングの脆弱性 MyBB の functions.php の redirect 関数は、JavaScript リダイレクトをリクエストするにあたり、ajax オプションを使用する不備があるため、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-4928 35041 CVE-2008-4928 4717 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005022.html 2008-11-04 2012-09-25 View