CVE-2023-27890

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html Third Party Advisory VDB Entry
https://community.mybb.com/mods.php?action=view&pid=1408 Broken Link
https://community.mybb.com/user-121250.html Permissions Required
http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html Third Party Advisory VDB Entry
https://community.mybb.com/mods.php?action=view&pid=1408 Broken Link
https://community.mybb.com/user-121250.html Permissions Required
Configurations

Configuration 1 (hide)

cpe:2.3:a:export_user_project:export_user:*:*:*:*:*:mybb:*:*
History

21 Nov 2024, 07:53

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry
References () https://community.mybb.com/mods.php?action=view&pid=1408 - Broken Link () https://community.mybb.com/mods.php?action=view&pid=1408 - Broken Link
References () https://community.mybb.com/user-121250.html - Permissions Required () https://community.mybb.com/user-121250.html - Permissions Required

07 Nov 2023, 04:10

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

21 Apr 2023, 20:05

Type Values Removed Values Added
First Time Export User Project export User
Export User Project
References (MISC) https://community.mybb.com/mods.php?action=view&pid=1408 - (MISC) https://community.mybb.com/mods.php?action=view&pid=1408 - Broken Link
References (MISC) http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html - (MISC) http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry
References (MISC) https://community.mybb.com/user-121250.html - (MISC) https://community.mybb.com/user-121250.html - Permissions Required
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4
CWE CWE-79
CPE cpe:2.3:a:export_user_project:export_user:*:*:*:*:*:mybb:*:*

14 Apr 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-14 01:15

Updated : 2024-11-21 07:53

NVD link : CVE-2023-27890

Mitre link : CVE-2023-27890

CVE.ORG link : CVE-2023-27890

JSON object : View

Products Affected

export_user_project

  • export_user
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')