CVE-2019-6979

Published January 28th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.

JeremyCrookshank/IP_History_Logs

This keeps a record of a users IP history as they use the website. This is useful for auditing fraud/ban evaders/general/when people start using VPNS/Proxys during their user activity. It can record every instance of a users IP when it changes and how often, the page they were viewing and their useragent.

GitHub