MyBB Community Forums

Full Version: Possible XSS Vulnerability
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
After getting blocked by mod_security today I did some checking of the logs and this is happening every other day, luckily the other days I was not blocked just other IP's.

The XSS comes from jscripts/jquery.cookie.js

Screenshots provided.

NOTE: I am unable to add new issues to the bug report system for some odd reason.

MyBB Version: 1.6.8
Plugins: MyGW2Code, MyForumIcons
jquery.cookie.js is not part of MyBB.
Gah, didn't even pay attention to the core package. I found the issue, forgot about one plugin and it is part of that one. I will report it to the plugin dev.

Guess I won't, their site is down and no thread on this forum.
It would help if you could say which Plugin it is, so if one of us uses it, he/she also knows to remove it for good, or until further notice.

There is hardly any list of plugins that are maybe dangerous. Could be valueable informations so we can do something before maybe getting hacked.


do we know the plugin?