PT-2019-9050 · Mybb · Ban List Plugin

0Xb9 · Published 2019-03-18 · Updated 2019-03-26 · CVE-2018-14724

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Ban List plugin version 1.0 for MyBB

Description: The issue allows any forum user with mod privileges to input an XSS payload into the ban reason. This payload is then executed on the bans.php page, potentially leading to malicious script execution.

Recommendations: For Ban List plugin version 1.0, consider disabling the ability for mod-privileged users to input custom ban reasons until a patch is available to prevent XSS payload execution. Restrict access to the bans.php page to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2018-14724

Affected products

Ban List Plugin