Advertisement






MyBB Trending Widget Plugin 1.2 Cross-Site Scripting

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021020049

Below is a copy:

MyBB Trending Widget Plugin 1.2 Cross-Site Scripting
# Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
# Date: 11/28/2018
# Author: 0xB9
# Software Link: https://github.com/zainali99/trends-widget
# Version: 1.2
# Tested on: Windows 10

1. Description:
This plugin shows the most trending threads. Trending thread titles aren't sanitized to user input.

2. Proof of Concept:

- Have a trending thread in the widget
- Change the thread title to a payload   <script>alert('XSS')</script>
Anyone that visits the forum will execute payload

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum