MyBB XSS Cross-Site Scripting Vulnerability Key Information Date: 2006-01-02 Risk: Low Remote: Yes Exploit: - CVE: CVE-2005-4603 - CWE: CWE-79 CVSS Base Score: 4.3/10 - Risk: Low Impact Subscore: 2.9/10 Exploitability Subscore: 8.6/10 Exploit Range: Remote Attack Complexity: Medium Authentication: No required Integrity Impact: Partial Availability Impact: None Description This is a security bug in script of MyBB (all versions also fully patched) that allows XSS cross-site scripting hacking. This vulnerability can be exploited without limitation. The exploit involves posting a message on a thread and then going to the print view of the thread to view the execution of the exploit. This bug is due to poor checking of in view of a topic and can exploit without any limitation against cookies. `` printthread.php` script of MyBB. No authentication is required to exploit this vulnerability. The vulnerability can be exploited via remote means and has a medium level of risk. Reference: CVSS Base Score: 4.3/10, CVE-2005-4603, CWE-79.