CVE-2018-25247 — MEDIUM (6.1)

Q: How severe is CVE-2018-25247?

CVE-2018-25247 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-25247?

Check the references section above for vendor advisories and patch information. Affected products include: Mybb Thankyou\/Like System.

Vulnerability Description

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mybb	Thankyou\/Like System	<= 3.0.0

Related Weaknesses (CWE)

CWE-79

References

https://community.mybb.com/mods.php?action=view&pid=360Product
https://www.exploit-db.com/exploits/45179ExploitVDB Entry
https://www.vulncheck.com/advisories/mybb-like-plugin-cross-site-scripting-via-uThird Party Advisory

FAQ

What is CVE-2018-25247?

CVE-2018-25247 is a vulnerability with a CVSS score of 6.1 (MEDIUM). MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craf...

How severe is CVE-2018-25247?

CVE-2018-25247 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25247?

Check the references section above for vendor advisories and patch information. Affected products include: Mybb Thankyou\/Like System.