In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/46347 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-18T19:30:29
Updated: 2019-03-18T19:30:29
Reserved: 2018-07-28T00:00:00
Link: CVE-2018-14724
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-21T16:00:20.827
Modified: 2019-03-26T14:57:13.593
Link: CVE-2018-14724
JSON object: View
Redhat Information
No data.
CWE