MyBB 1.6.2 Stored XSS Vulnerability

2011-02-23 19:15:13

MyBB Recent Topics Stored XSS Vulnerability
Version: MyBB 1.6.2
Plugin Page: http://mods.mybb.com/view/recent-topics-on-index-page
Found by: Xinapse
Site: http://www.iexploit.org
Risk: Medium/High

Description: By creating a thread with your XSS code as the title any user
with any level of privellages can cause XSS on the index.php main page.
For example: <script>alert('xss')</script>

Shouts: Semtex, Chronic, Bursihido, D0wngrade, George

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.