Vulnerability Description
inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thank You\/Like Project | Thank You\/Like | < 3.1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-SiteExploitThird Party AdvisoryVDB Entry
- https://community.mybb.com/mods.php?action=changelog&pid=360Vendor Advisory
- https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199PatchThird Party Advisory
- https://www.exploit-db.com/exploits/45178/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-SiteExploitThird Party AdvisoryVDB Entry
- https://community.mybb.com/mods.php?action=changelog&pid=360Vendor Advisory
- https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199PatchThird Party Advisory
- https://www.exploit-db.com/exploits/45178/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-14888?
CVE-2018-14888 is a vulnerability with a CVSS score of 6.1 (MEDIUM). inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject.
How severe is CVE-2018-14888?
CVE-2018-14888 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-14888?
Check the references section above for vendor advisories and patch information. Affected products include: Thank You\/Like Project Thank You\/Like.