CVE-2018-25247

MEDIUM(6.1)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Risk Signal Score15/100 — NIEDRIG

CVSS 6.1 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.1

Technische Schwere

Beschreibung

MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the viewer's browser.

Referenzen

https://community.mybb.com/mods.php?action=view&pid=360
https://www.exploit-db.com/exploits/45179
https://www.vulncheck.com/advisories/mybb-like-plugin-cross-site-scripting-via-u...