CVE-2022-28354

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Active Threads Plugin version 1.3.0 for MyBB

Description The issue concerns an XSS vulnerability in the date parameter of the activethreads.php file when setting a time period. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For Active Threads Plugin version 1.3.0, consider restricting access to the activethreads.php file or avoiding the use of the date parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-28354

Affected Products

Active Threads Plugin

CVE-2022-28354

Weakness Enumeration

Related Identifiers

Affected Products

References · 6