CVE-2018-25309

HIGH

MyBB Recent threads 17.0 Persistent Cross-Site Scripting

Title source: cna

Description

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers of all users viewing the index page.

Exploits (1)

exploitdb WORKING POC

by Perileos · textwebappsphp

https://www.exploit-db.com/exploits/44420

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44420

https://www.exploit-db.com/exploits/44420

Product product

Product Reference

https://community.mybb.com/mods.php?action=view&pid=191

Third Party Advisory third-party-advisory

VulnCheck Advisory: MyBB Recent threads 17.0 Persistent Cross-Site Scripting

https://www.vulncheck.com/advisories/mybb-recent-threads-persistent-cross-site-scripting

Scores

CVSS v3 7.2

EPSS 0.0003

EPSS Percentile 6.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

dragonexpert/recent_threads_on_index 17.0

mybb/MyBB Recent threads 17.0

Published Apr 29, 2026

Tracked Since Apr 30, 2026