Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php
Vulnerability Description
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators validate the download in downloads.php.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
MyBB(MyBulletinBoard) 跨站脚本漏洞
Vulnerability Description
MyBB(MyBulletinBoard)是MyBB团队的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB(MyBulletinBoard) 2.0.3版本存在跨站脚本漏洞,该漏洞源于下载标题字段未正确清理输入,可能导致普通成员通过下载标题参数注入恶意脚本。
CVSS Information
N/A
Vulnerability Type
N/A