Lucene search

[email protected]NVD:CVE-2022-28354

HistoryApr 24, 2023 - 9:15 p.m.

CVE-2022-28354

2023-04-2421:15:09

CWE-79

[email protected]

web.nvd.nist.gov

mybb

active threads plugin

xss

vulnerability

date parameter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.9%

JSON

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.

Affected configurations

Nvd

Node

mybbactive_threadsMatch1.3.0

VendorProductVersionCPE
mybbactive_threads1.3.0cpe:2.3:a:mybb:active_threads:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	active_threads	1.3.0	cpe:2.3:a:mybb:active_threads:1.3.0:::::::*

References

packetstormsecurity.com/files/171402/MyBB-Active-Threads-1.3.0-Cross-Site-Scripting.html

community.mybb.com/mods.php?action=view&pid=1336

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.9%

JSON

Related for NVD:CVE-2022-28354

cvelist1 prion1 cve1 packetstorm1