CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11)

Posted by Wester 95 on Apr 11

Hi team,

I would like to request one CVE for this vulnerability, thank you!

#################################

Description:
============

product:MyBB
Homepage:https://mybb.com/
vulnerable version:<1.8.11
Severity:High risk

===============

Proof of Concept:

=============

1.post a thread or reply any thread ,write:

[email=2″onmouseover=”alert(document.location)]hover me[/email]

then when user’s mouse hover it,XSS attack…

007 Software