Advertisement






MyBB OUGC Feedback 1.8.22 Cross Site Scripting

CVE Category Price Severity
CVE-2021-28115 CWE-79 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2021-03-15
CPE
cpe:cpe:/a:mybb:ougc_feedback:1.8.22
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021030077

Below is a copy:

MyBB OUGC Feedback 1.8.22 Cross Site Scripting
# Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
# Date: 1/30/2021
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1220
# Version: 1.8.22
# Tested on: Windows 10
# CVE: CVE-2021-28115

1. Description:
This plugin adds a feedback system to your forum. Edit feedback button is vulnerable to XSS.

2. Proof of Concept:

- Go to a user profile
- Add feedback and leave the following payload as comment   "><script>alert(1)</script>
- View the feedback feedback.php?uid=2 
- When clicking Edit payload will execute

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.