In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
References
Link Resource
https://www.exploit-db.com/exploits/46347 Exploit Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-18T19:30:29

Updated: 2019-03-18T19:30:29

Reserved: 2018-07-28T00:00:00


Link: CVE-2018-14724

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-03-21T16:00:20.827

Modified: 2019-03-26T14:57:13.593


Link: CVE-2018-14724

JSON object: View

cve-icon Redhat Information

No data.

CWE