MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

EDB-ID: 44547
Author: 0xB9
Published: 2018-04-26
CVE: CVE-2018-10365
Type: Webapps
Platform: PHP
Aliases: N/A
Advisory/Source: N/A
Tags: Cross-Site Scripting (XSS)
Vulnerable App: Download Vulnerable Application

 # Date: 3/15/2018 
# Author: 0xB9
# Contact: or 0xB9[at]
# Software Link:
# Version: v1.3
# Tested on: Ubuntu 17.10
CVE: CVE-2018-10365

1. Description:
When editing a thread the user is given to the option to convert the thread to a link.

2. Proof of Concept:

Persistent XSS
- Edit a thread or post you've made
- At the bottom of the edit page in the Thread Link box input the following <a """><SCRIPT>alert("XSS")</SCRIPT>">
- Now visit the forum your thread/post exists in to see the alert.

3. Solution:
The plugin has since been removed after notifying the author.

Patch in line 83:
$thread['tlink'] = ($thread['tlink']);


$thread['tlink'] = htmlspecialchars_uni($thread['tlink']);

Related Posts