PT-2018-9976 · Mybb · Latest Posts On Profile+1

0Xb9

Published

2018-05-11

Updated

2018-06-14

CVE-2018-10580

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MyBB "Latest Posts on Profile" plugin version 1.1

Description: The issue arises from the lack of sanitization in the tsubject field, which is used to display a user's most recent posts on their profile. This allows for XSS attacks.

Recommendations: For MyBB "Latest Posts on Profile" plugin version 1.1, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the user profile section that displays recent posts to minimize the risk of XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-10580

PT-2018-9976 · Mybb · Latest Posts On Profile+1

CVE-2018-10580

Weakness Enumeration

Related Identifiers

Affected Products

References · 4