MyBB Community Forums

Full Version: Mybb 1.6.3 XSS Vulnerability
Hello, somebody somehow has found an XSS vulnerability in version 1.6.3 of MyBB.

I had threads being created in my name on the site that weren't me.

Please can somebody explain if they're having a similar problem?
This doesn't sound like an XSS vulnerability at all. Are you sure that someone didn't just get access to your admin account?
There are currently no known vulnerabilities that would allow this, I have moved your post to general support so we can help you track down the cause.

Can you please provide us with a link to your forum and also list any plugins you're running.

Are you running the latest version of MyBB?
Yes, I'm 100% sure they didn't. The title of the thread was along these lines:

<script>somerandomcodehere</script>

In the title of the thread. In anger I deleted the thread, or I would show you the exact code.
I'm running the latest version of MyBB, yes, and OK, I will send it to you in a PM, as I don't want to make public that my site has XSS vulnerabilities.
Have you enabled HTML in that forum?

And as Tim B. already asked, what plugins do you have installed?
Do you mean have I enabled HTML in posts? If so, yes.
Well there's your problem. You need to disable that on all forums. It's a huge security risk.
That would be the problem :P
If you have a lot of forums where HTML is enabled, follow these steps to easily disable it on all forums:

1. Execute this SQL query (in phpMyAdmin or a similar database manager):

UPDATE `mybb_forums` SET `allowhtml` = '0'

2. Go to Admin CP > Tools & Maintenance > Cache Manager > forums > Rebuild Cache.
Yeah, I've disabled HTML in all now, thanks for your help. I'll be back if it doesn't solve the issue.
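
An audit-first variant of the two-step fix above, added here as an example and not part of any post in this thread. It assumes the default `mybb_` table prefix used in the thread and the `fid` and `name` columns of the forums table; the backup table name `mybb_forums_allowhtml_backup` is hypothetical.

```sql
-- Added example: review, record, change, verify.
-- Assumes the default `mybb_` prefix; adjust it if your install uses another.

-- 1. See which forums currently render raw HTML before changing anything.
SELECT `fid`, `name`, `allowhtml`
FROM `mybb_forums`
WHERE `allowhtml` <> '0'
ORDER BY `fid`;

-- 2. Keep a record of the previous settings so the change can be reviewed
--    or selectively reverted later (hypothetical table name).
CREATE TABLE `mybb_forums_allowhtml_backup` AS
SELECT `fid`, `allowhtml`
FROM `mybb_forums`;

-- 3. Disable HTML only on the forums that had it enabled.
UPDATE `mybb_forums`
SET `allowhtml` = '0'
WHERE `allowhtml` <> '0';

-- 4. Confirm nothing was missed; this should return 0.
SELECT COUNT(*) AS still_enabled
FROM `mybb_forums`
WHERE `allowhtml` <> '0';
```

The forums cache still has to be rebuilt afterwards, as in step 2 above, before the new setting takes effect.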