Headline
CVE-2022-28353: MyBB External Redirect Warning 1.3 Cross Site Scripting ≈ Packet Storm
In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.
# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting# Date: February 1, 2021# Author: 0xB9# Twitter: @0xB9sec# Software Link: https://community.mybb.com/mods.php?action=view&pid=493# Version: 1.3# Tested On: Windows 10# CVE: CVE-2022-28353Description:This plugin notifies the user when they are being redirect to an off-site page. The redirect URL is vulnerable to XSS.Proof of Concept:– Go to the following URL… external.php?url=javascript:alert(1);– Click continuePayload will executeRelated news
MyBB External Redirect Warning 1.3 Cross Site Scripting
MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.