3 matches found
CVE-2018-25248
The CVE-2018-25248 entry concerns the MyBB Downloads Plugin 2.0.3, which is affected by a persistent cross-site scripting (XSS) vulnerability in the download title field. The issue allows regular members to submit a new download containing HTML/JavaScript code in the title parameter, which is exe...
PT-2026-30368
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...
MyBB Downloads 2.0.3 Cross Site Scripting
Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on: Ubuntu 17.10 1. Description: It is a plugin which add...