Lucene search

[email protected]CVE-2018-10365

HistoryMay 01, 2018 - 4:29 p.m.

CVE-2018-10365

2018-05-0116:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-10365

xss

threads to link plugin

mybb

security issue

input sanitization

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.

Affected configurations

NVD

Node

threads_to_link_projectthreads_to_linkMatch1.3mybb

CPENameOperatorVersion
threads_to_link_project:threads_to_linkthreads to link project threads to linkeq1.3

CPE	Name	Operator	Version
threads_to_link_project:threads_to_link	threads to link project threads to link	eq	1.3

References

www.exploit-db.com/exploits/44547/

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for CVE-2018-10365

prion1 exploitpack1 cvelist1 nvd1 exploitdb1