Описание
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mybb:ban_list:1.0:*:*:*:*:mybb:*:*
EPSS
Процентиль: 41%
0.00192
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
EPSS
Процентиль: 41%
0.00192
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79