PT-2018-13106 · Mybb · Mybb

0Xb9 · Published 2018-08-28 · Updated 2018-11-08 · CVE-2018-15596

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.17

Description: An issue was discovered in the forum RSS Syndication page, where thread titles within title elements of the generated XML documents aren't sanitized, leading to XSS. This can be exploited by generating a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15.

Recommendations: For MyBB version 1.8.17, update to a newer version that addresses this issue, as the current version allows for XSS attacks due to unsanitized thread titles in the RSS Syndication page.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2018-15596

Affected products

Mybb