CVE-2018-25132

MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Productos afectados

zainali99 · MyBB Trending Widget Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/zainali99/trends-widget https://www.exploit-db.com/exploits/49504 https://www.vulncheck.com/advisories/mybb-trending-widget-plugin-cross-site-scripting