CVE-2018-25132

MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

zainali99 · MyBB Trending Widget Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/zainali99/trends-widget https://www.exploit-db.com/exploits/49504 https://www.vulncheck.com/advisories/mybb-trending-widget-plugin-cross-site-scripting