CVE-2018-25247
EUVD-2018-2174604.04.2026, 14:16
MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the viewer's browser.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mybb | thankyou/like_system | 𝑥 ≤ 3.0.0 |
𝑥
= Vulnerable software versions