Authors:0XB9 Risk：High CVE：CVE-2018-10365 0day:Cross-Site Scripting 0day -id:0DAY-176106 Date：2018-04-27
A problem was found in MyBB Threads to Link Plugin 1.3 Plugin 1.4.5. Cross-Site Scripting exists in the name field.
# Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS # Date: 3/15/2018 # Author: 0xB9 # Contact: luxorforums.com/User-0xB9 or 0xB9[at]protonmail.com # Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 # Version: v1.3 # Tested on: Ubuntu 17.10 CVE: CVE-2018-10365 Persistent XSS - Edit a thread or post you've made - At the bottom of the edit page in the Thread Link box input the following <a """><SCRIPT>alert("XSS")</SCRIPT>"> - Now visit the forum your thread/post exists in to see the alert.
The plugin has since been removed after notifying the author.
Patch in line 83: $thread['tlink'] = ($thread['tlink']); to $thread['tlink'] = htmlspecialchars_uni($thread['tlink']);