Lucene search

MyBB My Arcade 1.3 Cross Site Scripting

🗓️ 27 Feb 2018 00:00:00Reported by 0xB9Type

packetstorm🔗 packetstormsecurity.com👁 17 Views

MyBB My Arcade Plugin v1.3 Persistent XSS vulnerability The My Arcade plugin allows users to play arcade games, record scores, and add comments, but it is vulnerable to persistent XSS attacks. Update to version 1.3.1.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`# Exploit Title: MyBB My Arcade Plugin v1.3 - Persistent XSS  
# Date: 2/21/2018  
# Author: 0xB9  
# Contact: luxorforums.com/User-0xB9 or 0xB9[at]protonmail.com  
# Software Link: https://community.mybb.com/mods.php?action=view&pid=411  
# Version: 1.3  
# Tested on: Ubuntu 17.10  
  
  
1. Description:  
The My Arcade plugin adds a page of arcade games and keeps track of user scores, also allowing users to add a comment next to their score. The comment box is vulnerable to a persistent XSS.  
  
  
2. Proof of Concept:  
  
Persistent XSS  
- Play an arcade game  
- Add the following comment to your score <p """><SCRIPT>alert("XSS")</SCRIPT>">  
- Edit the comment, Boom.  
  
  
3. Solution:  
Update to 1.3.1  
Patch: https://github.com/PaulBender/My-Arcade/commit/4ee2a2e8d245defb94930c2c377e78ddfb0fcc94  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Feb 2018 00:00Current

7.1High risk

Vulners AI Score7.1