Impact
User input attached to CSRF token-protected POST requests, inserted into hidden form fields on custom Moderator Tools action confirmation pages, is not properly sanitized, leading to a reflected XSS vulnerability.
Indirect controls, including the anti-CSRF token and the SameSite cookie flag (enabled by default), reduce the likelihood of successful exploitation: an attacker must get a victim to submit a POST that carries the victim's own valid token, so a plain cross-site form post does not reach the vulnerable page.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
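The pattern behind this class of bug, as an added illustration that is not MyBB's code: a confirmation page re-emits a POST parameter inside a hidden input so the value survives the confirm step, and interpolating it unescaped lets a double quote close the attribute. The parameter name `modtype` and the payload below are constructed for this example; the fix uses PHP's built-in `htmlspecialchars()` with `ENT_QUOTES` (MyBB's code base has its own wrapper, `htmlspecialchars_uni()`, for the same purpose).

```php
<?php
// Added example, not code from MyBB. Models a moderator-action confirmation
// page that carries a POSTed value through a hidden form field.

// Vulnerable pattern: the raw value is interpolated into the attribute value.
// Any '"' in $value terminates the attribute and the rest becomes markup.
function render_hidden_vulnerable(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// Hardened pattern: HTML-escape the name and the value before interpolation.
// ENT_QUOTES escapes both quote characters, so the attribute cannot be closed
// early; the browser decodes the entities back to the original string on submit.
function render_hidden_safe(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . $n . '" value="' . $v . '" />';
}

// Constructed payload (assumption for the demo): closes the value attribute
// and appends a script element.
$payload = '"><script>alert(1)</script>';

echo render_hidden_vulnerable('modtype', $payload), PHP_EOL;
echo render_hidden_safe('modtype', $payload), PHP_EOL;
```

Run it with `php` from the command line and compare the two lines: the first contains a live `<script>` element after the hidden input, the second contains only entity-encoded text inside the attribute. Because the value reaches the page only through a token-protected POST, the escaping is the real fix; the CSRF token and SameSite cookie only raise the bar for delivering the payload.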
Patches
MyBB 1.8.26 resolves this issue with the following changes:
.patch: https://github.com/mybb/mybb/commit/bddb6943d799cf21535a90526c2735dd8e33c4b2.patch
References
For more information
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
Contact
The security team can be reached at security@mybb.com.