VULHUB ™

miniBB is prone to an HTML injection vulnerability. This issue could permit registered users to inject hostile HTML and script code into the 'website name' field of their user profile, which would be rendered by other web users when the user profile is viewed. This could be exploited to steal cookie-based authentication credentials. It is also possible to use this type of vulnerability as an attack vector to exploit latent browser security flaws.

miniBB is prone to an HTML injection vulnerability. This issue could permit registered users to inject hostile HTML and script code into the 'website name' field of their user profile, which would be rendered by other web users when the user profile is viewed. This could be exploited to steal cookie-based authentication credentials. It is also possible to use this type of vulnerability as an attack vector to exploit latent browser security flaws.