CVE-2018-25249

Sažetak

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit the comment.

Reference

https://community.mybb.com/mods.php?action=view&pid=411
https://www.exploit-db.com/exploits/44186
https://www.vulncheck.com/advisories/mybb-my-arcade-plugin-persistent-xss-via-comment

CVSS

Base:	6.4
Impact:	2.7
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

04-04-2026 - 14:16

Objavljeno

04-04-2026 - 14:16