CVE-2013-7275

Name: CVE-2013-7275
Creator: NVD / NIST
Published: 2014-01-08T15:29:56.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.88%

Last modified Jun 17, 2026

CVE-2013-7275 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.. EPSS estimates a 1.88% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.

Metrics

EPSS Probability

1.88%

76.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions	Update
Mybb	Mybb	<= 1.6.11	—
Mybb	Mybb	1.00	—
Mybb	Mybb	1.0	Beta4
Mybb	Mybb	1.01	—
Mybb	Mybb	1.1.0	—
Mybb	Mybb	1.1.1	—
Mybb	Mybb	1.1.2	—
Mybb	Mybb	1.1.3	—
Mybb	Mybb	1.1.4	—
Mybb	Mybb	1.1.5	—
Mybb	Mybb	1.1.6	—
Mybb	Mybb	1.1.7	—
Mybb	Mybb	1.1.8	—
Mybb	Mybb	1.02	—
Mybb	Mybb	1.2	—
Mybb	Mybb	1.2.0	—
Mybb	Mybb	1.2.1	—
Mybb	Mybb	1.2.2	—
Mybb	Mybb	1.2.3	—
Mybb	Mybb	1.2.4	—
Mybb	Mybb	1.2.5	—
Mybb	Mybb	1.2.6	—
Mybb	Mybb	1.2.7	—
Mybb	Mybb	1.2.8	—
Mybb	Mybb	1.2.9	—
Mybb	Mybb	1.2.10	—
Mybb	Mybb	1.2.11	—
Mybb	Mybb	1.2.12	—
Mybb	Mybb	1.2.13	—
Mybb	Mybb	1.2.14	—
Mybb	Mybb	1.03	—
Mybb	Mybb	1.3	Pre-1.0
Mybb	Mybb	1.04	—
Mybb	Mybb	1.4.0	—
Mybb	Mybb	1.4.1	—
Mybb	Mybb	1.4.2	—
Mybb	Mybb	1.4.3	—
Mybb	Mybb	1.4.4	—
Mybb	Mybb	1.4.5	—
Mybb	Mybb	1.4.6	—
Mybb	Mybb	1.4.7	—
Mybb	Mybb	1.4.8	—
Mybb	Mybb	1.4.9	—
Mybb	Mybb	1.4.10	—
Mybb	Mybb	1.4.11	—
Mybb	Mybb	1.4.12	—
Mybb	Mybb	1.4.13	—
Mybb	Mybb	1.4.14	—
Mybb	Mybb	1.4.15	—
Mybb	Mybb	1.4.16	—

Showing 50 of 63 affected configurations. See NVD for the full list.

References

http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-releaseVendor Advisory
http://osvdb.org/101545
http://secunia.com/advisories/55945Vendor Advisory
http://www.securityfocus.com/bid/64570
https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8Exploit, Patch
http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-releaseVendor Advisory
http://osvdb.org/101545
http://secunia.com/advisories/55945Vendor Advisory
http://www.securityfocus.com/bid/64570
https://github.com/mybb/mybb/commit/6212bc954d72caf591e141ca36b8df964387bee8Exploit, Patch

Timeline

Published: Jan 8, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-7275?

How severe is CVE-2013-7275?

Severity scoring for CVE-2013-7275 is pending analysis. The EPSS model estimates a 1.88% probability of exploitation in the next 30 days.

How do I fix CVE-2013-7275?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-7275?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST