PT-2018-10564 · Mybb · Moderator Log Notes Plugin

Publicado

2018-05-28

Atualizado

2018-06-28

CVE-2018-11430

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Moderator Log Notes plugin version 1.1 for MyBB

Description An issue was discovered in the Moderator Log Notes plugin, allowing for XSS attacks. The XSS is located in the mod notes textarea, which can be exploited to execute malicious scripts.

Recommendations For Moderator Log Notes plugin version 1.1, consider disabling the mod notes textarea until a patch is available to prevent potential XSS attacks.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-11430

Produtos afetados

Moderator Log Notes Plugin

PT-2018-10564 · Mybb · Moderator Log Notes Plugin

CVE-2018-11430

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3