← back
CVE-2018-25116

MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
jamiesage123 · MyBB Thread Redirect Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jamiesage123/Thread-Redirecthttps://www.exploit-db.com/exploits/49505https://www.vulncheck.com/advisories/mybb-thread-redirect-plugin-cross-site-scripting