Reddit: XSS via Mod Log Removed Posts

Summary: I have discovered an XSS vulnerability regarding the mod notes feature. Specifically, the XSS payload executes when the victim removes a post in a subreddit and opens up the mod notes of the attacker. Steps To Reproduce: 1. The attacker creates a new post with the title containing the XS...

CVE-2018-11502

The CVE-2018-11502 issue affects the MyBB Moderator Log Notes plugin (version 1.1) for MyBB. The vulnerability is a CSRF flaw that lets an attacker remotely delete all moderator notes and moderator-note logs stored in modCP and ACP. Root cause is cross-site request forgery in the plugin’s note ma...

CVE-2018-11430

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea...

MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows...

MyBB Moderator Log Notes 1.1 Cross Site Scripting

Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows moderators to save notes and display them...