Advertisement






MyBB Trending Widget Plugin 1.2 Cross-Site Scripting

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021020049

Below is a copy:

MyBB Trending Widget Plugin 1.2 Cross-Site Scripting
# Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
# Date: 11/28/2018
# Author: 0xB9
# Software Link: https://github.com/zainali99/trends-widget
# Version: 1.2
# Tested on: Windows 10

1. Description:
This plugin shows the most trending threads. Trending thread titles aren't sanitized to user input.

2. Proof of Concept:

- Have a trending thread in the widget
- Change the thread title to a payload   <script>alert('XSS')</script>
Anyone that visits the forum will execute payload

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.