Unrated severityNVD Advisory· Published May 2, 2008· Updated Apr 23, 2026

CVE-2008-2066

Description

Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

Affected products

Minibb/Minibb
cpe:2.3:a:minibb:minibb:2.2a:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/28957nvdExploit
secunia.com/advisories/30004nvdVendor Advisory
osvdb.org/95122nvd
seclists.org/fulldisclosure/2013/Jul/102nvd
securityreason.com/securityalert/3846nvd
www.minibb.com/download.phpnvd
www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.htmlnvd
www.securityfocus.com/archive/1/491375/100/0/threadednvd
www.securityfocus.com/bid/61116nvd
exchange.xforce.ibmcloud.com/vulnerabilities/42076nvd
www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000