CVE-2018-25116

MEDIUM

MyBB Thread Redirect Plugin 0.2.1 - XSS

Title source: llm

Description

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

Exploits (1)

exploitdb WORKING POC

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/49505

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49505

[Various Sources] https://github.com/jamiesage123/Thread-Redirect

[Third Party Advisory] https://www.vulncheck.com/advisories/mybb-thread-redirect-plugin-cross-site-scripting

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

mybb/thread_redirect 0.2.1

Published Jan 23, 2026

Tracked Since Feb 18, 2026