CVE-2018-25309
HIGHMyBB Recent threads 17.0 Persistent Cross-Site Scripting
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2018-25309. PoCs published by Perileos.
AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in the MyBB Recent threads plugin (version 17.0) by injecting malicious JavaScript into a thread subject, which executes when viewed on the forum index.
Description
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers of all users viewing the index page.
Exploits (1)
This exploit demonstrates a persistent XSS vulnerability in the MyBB Recent threads plugin (version 17.0) by injecting malicious JavaScript into a thread subject, which executes when viewed on the forum index.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N