PT-2018-13106 · Mybb · Mybb
0Xb9
·
Published
2018-08-28
·
Updated
2018-11-08
·
CVE-2018-15596
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB version 1.8.17
Description
An issue was discovered in the forum RSS Syndication page, where thread titles within title elements of the generated XML documents aren't sanitized, leading to XSS. This can be exploited by generating a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15.
Recommendations
For MyBB version 1.8.17, update to a newer version that addresses this issue, as the current version allows for XSS attacks due to unsanitized thread titles in the RSS Syndication page.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mybb