CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-25247

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.8%

CVSS Severity

CVSS v3 Score 6.1

References

https://community.mybb.com/mods.php?action=view&pid=360
https://www.exploit-db.com/exploits/45179
https://www.vulncheck.com/advisories/mybb-like-plugin-cross-site-scripting-via-user-profiles

Products affected by CVE-2018-25247

Mybb » Thankyou/like System » Version: Any

cpe:2.3:a:mybb:thankyou/like_system:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25247

Products

Pricing

Contact Us