packetstorm | 0xB9 | PACKETSTORM:171421
History: Mar 22, 2023 - 12:00 a.m.

MyBB Export User 2.0 Cross Site Scripting

2023-03-22 00:00:00
0xB9
packetstormsecurity.com
133
exploit
mybb
cross site scripting
data request
admin
windows 10
cve-2023-27890

EPSS: 0.002 Low

Percentile: 55.8%

`# Exploit Title: MyBB Export User Plugin 2.0 – Cross-Site Scripting  
# Date: January 29, 2021  
# Author: 0xB9  
# Twitter: @0xB9sec  
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1408  
# Version: 2.0  
# Tested On: Windows 10  
# CVE: CVE-2023-27890  
  
Description:  
This plugin allows users to request an export of their data. XSS occurs when an admin generates the data for a user.  
  
Proof of Concept:  
  
– As a regular user, go to User CP -> Edit Profile  
– Add a payload in Custom User Title, Location, or Bio: <script>alert(1)</script>  
– Request your data via User CP -> DSGVO data request  
– Log in as admin; you will be notified that a user wants their data  
– When generating the user's data, their payload will execute  
`
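
The root cause described above is stored profile text reaching the admin's page without HTML encoding. The following is an added example, not the plugin's code: a hypothetical export renderer (`render_export_unsafe`, `render_export_safe` and the field keys are assumed names) showing the unescaped pattern beside the output-encoded one. Inside MyBB itself, the core helper `htmlspecialchars_uni()` serves the same purpose.

```php
<?php
declare(strict_types=1);

// Added illustration: a hypothetical export renderer, NOT the plugin's source.
// The keys stand in for the profile fields named in the advisory.
const EXPORT_FIELDS = [
    'usertitle' => 'Custom User Title',
    'location'  => 'Location',
    'bio'       => 'Bio',
];

/** Vulnerable pattern: stored values are concatenated into the admin page as-is. */
function render_export_unsafe(array $user): string
{
    $rows = '';
    foreach (EXPORT_FIELDS as $key => $label) {
        $value = (string) ($user[$key] ?? '');
        $rows .= "<tr><th>{$label}</th><td>{$value}</td></tr>\n";
    }
    return "<table>\n{$rows}</table>\n";
}

/** Hardened pattern: every stored value is HTML-encoded at output time. */
function render_export_safe(array $user): string
{
    $rows = '';
    foreach (EXPORT_FIELDS as $key => $label) {
        $value = htmlspecialchars((string) ($user[$key] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $rows .= "<tr><th>{$label}</th><td>{$value}</td></tr>\n";
    }
    return "<table>\n{$rows}</table>\n";
}

// Constructed sample record using the test string from the advisory.
$user = [
    'usertitle' => '<script>alert(1)</script>',
    'location'  => 'Berlin',
    'bio'       => 'Plain text bio',
];

echo "--- unescaped ---\n", render_export_unsafe($user);
echo "--- escaped ---\n", render_export_safe($user);

// The escaped output must contain no live <script> tag.
if (strpos(render_export_safe($user), '<script>') !== false) {
    throw new RuntimeException('profile value was not encoded');
}
```

Encoding at output time, rather than filtering on profile save, also covers values that were stored before the fix was deployed.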
