PT-2018-10564 · Mybb · Moderator Log Notes Plugin

Published

2018-05-28

Updated

2018-06-28

CVE-2018-11430

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Moderator Log Notes plugin version 1.1 for MyBB

Description An issue was discovered in the Moderator Log Notes plugin, allowing for XSS attacks. The XSS is located in the mod notes textarea, which can be exploited to execute malicious scripts.

Recommendations For Moderator Log Notes plugin version 1.1, consider disabling the mod notes textarea until a patch is available to prevent potential XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-11430

Affected Products

Moderator Log Notes Plugin

PT-2018-10564 · Mybb · Moderator Log Notes Plugin

CVE-2018-11430

Weakness Enumeration

Related Identifiers

Affected Products

References · 3