CVE-2022-28353

Name of the Vulnerable Software and Affected Versions External Redirect Warning Plugin version 1.3 for MyBB

Description The issue concerns a problem where the redirect URL, also known as external.php?url=, is susceptible to XSS. This means an attacker could potentially inject malicious scripts into the website, affecting users who interact with the vulnerable redirect URL.

Recommendations For External Redirect Warning Plugin version 1.3, consider disabling the external.php endpoint until a patch is available to prevent potential XSS attacks. Restrict access to the external.php?url= parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.