Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-16781. PoCs published by Pabstersac.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in MyBB's installer (versions up to 1.8.13) due to lack of HTML escaping in error messages. The PoC submits a malicious POST request with a payload in the database hostname field, triggering JavaScript execution when the error is displayed.
Description
The installer in MyBB before 1.8.13 has XSS.
Exploits (1)
This exploit demonstrates a stored XSS vulnerability in MyBB's installer (versions up to 1.8.13) due to lack of HTML escaping in error messages. The PoC submits a malicious POST request with a payload in the database hostname field, triggering JavaScript execution when the error is displayed.
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N