VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 27, 2008· Updated Apr 23, 2026

CVE-2008-3334

CVE-2008-3334

Description

Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

MyBB 1.2.x before 1.2.14 has an XSS vulnerability in search.php allowing arbitrary script injection.

Vulnerability

MyBB versions 1.2.x prior to 1.2.14 contain a cross-site scripting (XSS) vulnerability, possibly in search.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The exact parameter or input is not disclosed in the available references [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL or input that triggers the XSS when visited by a user. No authentication is required, as the attack can be performed remotely. The attacker must trick a user into interacting with the crafted link.

Impact

Successful exploitation leads to arbitrary JavaScript execution in the context of the affected site, potentially allowing session hijacking, credential theft, or defacement [1].

Mitigation

The vulnerability is fixed in MyBB 1.2.14, released on July 27, 2008 [1]. Users should upgrade immediately. There are no known workarounds.

References
  1. Free and Open Source Forum Software

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

29
  • MyBB/Mybb29 versions
    cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*range: <=1.2.13
    • cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.02:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.03:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.04:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mybb:mybb:1.2.9:*:*:*:*:*:*:*
    • (no CPE)range: >= 1.2.x < 1.2.14

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.