[原文]Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
MyBulletinBoard (MyBB) calendar.php Advanced Details Link XSS
Remote / Network Access
Loss of Integrity
MyBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "advanced details" upon submission to the calendar.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.