CVE-2008-3069
Description
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MyBB versions before 1.2.13 are vulnerable to multiple cross-site scripting (XSS) attacks via unspecified parameters in portal.php and inc/functions_post.php, allowing arbitrary script injection.
Vulnerability
MyBB versions prior to 1.2.13 contain multiple cross-site scripting (XSS) vulnerabilities in portal.php and inc/functions_post.php. The exact parameters are unspecified, but the flaws allow injection of arbitrary web script or HTML. [1][2]
Exploitation
An attacker can exploit these vulnerabilities by sending crafted requests to the affected pages with malicious script in the unspecified parameters. No authentication is required, as the vulnerable endpoints are publicly accessible. The attacker does not need any special privileges; user interaction is not required for the injection to occur, but the injected script executes in the context of the victim's browser when they view the affected page.
Impact
Successful exploitation allows remote attackers to inject arbitrary web script or HTML, leading to potential information disclosure, session hijacking, or defacement. The impact is limited to the browser context of the victim user.
Mitigation
The vulnerability is fixed in MyBB version 1.2.13. Users should upgrade to this version or later. No workarounds are documented in the available references. [1][2]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.