First published: Mon Mar 18 2019(Updated: )
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Ban List | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-14724.
The title of this vulnerability is 'In the Ban List plugin 1.0 for MyBB any forum user with mod privileges can ban users and input an XS…'
The severity of CVE-2018-14724 is medium, with a severity value of 5.4.
The affected software for CVE-2018-14724 is Mybb Ban List version 1.0.
To fix CVE-2018-14724, you should update to a version of the Ban List plugin that has addressed the vulnerability.