← voltar
CVE-2018-25132

MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
zainali99 · MyBB Trending Widget Plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/zainali99/trends-widgethttps://www.exploit-db.com/exploits/49504https://www.vulncheck.com/advisories/mybb-trending-widget-plugin-cross-site-scripting