MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Possible XSS Vulnerability
Full Version: Possible XSS Vulnerability
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Steve Moore

2012-08-04, 08:53 AM
After getting blocked by mod_security today I did some checking of the logs and this is happening every other day, luckily the other days I was not blocked just other IP's.

The XSS comes from jscripts/jquery.cookie.js

Screenshots provided.

NOTE: I am unable to add new issues to the bug report system for some odd reason.

MyBB Version: 1.6.8
Plugins: MyGW2Code, MyForumIcons

StefanT

2012-08-04, 08:59 AM
jquery.cookie.js is not part of MyBB.

Steve Moore

2012-08-04, 09:05 AM
Gah, didn't even pay attention to the core package. I found the issue, forgot about one plugin and it is part of that one. I will report it to the plugin dev.
Guess I won't, their site is down and no thread on this forum.

Wolfseye

2012-08-04, 12:51 PM
It would help if you could say which Plugin it is, so if one of us uses it, he/she also knows to remove it for good, or until further notice.

There is hardly any list of plugins that are maybe dangerous. Could be valueable informations so we can do something before maybe getting hacked.

Thanks

Wolfseye

FooFighter

2012-08-04, 04:00 PM
do we know the plugin?
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Possible XSS Vulnerability