header-logo
Suggest Exploit
vendor:
MyBB OUGC Feedback Plugin
by:
0xB9
6.1
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: MyBB OUGC Feedback Plugin
Affected Version From: 1.8.22
Affected Version To: 1.8.22
Patch Exists: YES
Related CWE: CVE-2021-28115
CPE: 2.3:a:mybb:mybb_ougc_feedback_plugin:1.8.22
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2021

MyBB OUGC Feedback Plugin 1.8.22 – Cross-Site Scripting

This plugin adds a feedback system to your forum. Edit feedback button is vulnerable to XSS. Go to a user profile, add feedback and leave the following payload as comment '><script>alert(1)</script>. When clicking Edit payload will execute.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
# Date: 1/30/2021
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1220
# Version: 1.8.22
# Tested on: Windows 10
# CVE: CVE-2021-28115

1. Description:
This plugin adds a feedback system to your forum. Edit feedback button is vulnerable to XSS.

2. Proof of Concept:

- Go to a user profile
- Add feedback and leave the following payload as comment   "><script>alert(1)</script>
- View the feedback feedback.php?uid=2 
- When clicking Edit payload will execute

Navigation

Suggest Exploit

Services By CQR