PT-2026-4501 · Mybb · Thread Redirect
Published
2026-01-23
·
Updated
2026-01-23
·
CVE-2018-25116
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MyBB Thread Redirect plugin version 0.2.1
Description
The MyBB Thread Redirect plugin contains a cross-site scripting issue in the custom text input field used for thread redirects. Attackers can inject malicious SVG scripts that execute when other users view the thread, enabling arbitrary script execution.
Recommendations
Update to a newer version of the MyBB Thread Redirect plugin that addresses this issue. As a temporary workaround, sanitize all user-provided input for thread redirects.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thread Redirect