Vulnerability Details CVE-2021-28115
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/161746/MyBB-OUGC-Feedback-1.8.22-Cross-Site-Scripting.html
- https://github.com/Sama34/OUGC-Feedback/pull/31/commits/ceef7c06359e5dcbaffe90a40884265c5754068c
- http://packetstormsecurity.com/files/161746/MyBB-OUGC-Feedback-1.8.22-Cross-Site-Scripting.html
- https://github.com/Sama34/OUGC-Feedback/pull/31/commits/ceef7c06359e5dcbaffe90a40884265c5754068c
Products affected by CVE-2021-28115
-
cpe:2.3:a:ougc_feedback_project:ougc_feedback:1.8.19
-
cpe:2.3:a:ougc_feedback_project:ougc_feedback:1.8.22