Latest Posts On Profile
Monthly
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.