ID:6158 - Exploit for Cross-site scripting in MyBB - CVE-2018-15596

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:6158 - Exploit for Cross-site scripting in MyBB - CVE-2018-15596

ID:6158 - Exploit for Cross-site scripting in MyBB - CVE-2018-15596

Published: June 17, 2021


Vulnerability identifier: #VU36761
Vulnerability risk: Low
CVE-ID: CVE-2018-15596
CWE-ID: CWE-79
Exploitation vector: Remote access
Vulnerable software:
MyBB

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.


Remediation

Install update from vendor's website.