MyBB Favicon 1.0 Cross Site Scripting

# Exploit Title: MyBB [PGM] Favicon Plugin 1.0 – Cross-Site Scripting# Date: May 2, 2023# Author: 0xB9# Twitter: @0xB9sec# Software Link: https://community.mybb.com/mods.php?action=view&pid=1554# Version: 1.0# Tested On: Windows 10Description:The favicon input in the settings doesn’t sanitize the favicon URL.Proof of Concept:– In the admin dashboard go to Configuration > Settings > Favicon– Enter the following payload in the URL input: “><script>alert(1)</script>.ico– Visit any page on the forum to trigger the payload