4 matches found
MyBB 1.8.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an...
MyBB 1.8.13 - Cross-Site Scripting
MyBB 1.8.13 - Cross-Site Scripting Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in...
CVE-2017-16781
creationtimestamp| type| source ---|---|--- 2017-11-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43137...
CVE-2017-16781
MyBB before 1.8.13 is vulnerable to a cross-site scripting (XSS) flaw in the installer. The issue arises from missing HTML escaping of the $error variable in /install/index.php (POST path), enabling an attacker-controlled payload to execute in the victim’s browser. A PoC demonstrates injecting HT...