First published: Mon Apr 24 2023(Updated: )
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Active Threads | =1.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this MyBB Active Threads Plugin vulnerability is CVE-2022-28354.
The title of this vulnerability is 'In the Active Threads Plugin 1.3.0 for MyBB the activethreads.php date parameter is vulnerable to XSS'.
The affected software for this vulnerability is MyBB Active Threads Plugin version 1.3.0.
The severity of CVE-2022-28354 is medium with a severity value of 6.1.
To fix the MyBB Active Threads Plugin vulnerability, update to a version that is not affected by the vulnerability.