PT-2018-10048 · Mybb+1 · Mybb+1
Mayur Udiniya
·
Published
2018-05-13
·
Updated
2018-06-05
·
CVE-2018-10678
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB version 1.8.15
Description
The issue concerns the mishandling of 'target=" blank" rel="noopener"' in A elements by MyBB 1.8.15 when accessed with Microsoft Edge. This makes it easier for remote attackers to conduct redirection attacks.
Recommendations
For MyBB version 1.8.15, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edge
Mybb