MyBB Community Forums

MyBB Community Forums > 1.8 Support > Security Management and Support > Miuna Shoutbox XSS vuln.
Full Version: Miuna Shoutbox XSS vuln.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Icon

2015-05-22, 11:11 PM
So someone was doing XSS on my copy of my Miuna Shoutbox and redirected the site to their script kiddie twitter.

I am not really scared as I already knew what he was doing it from, but I was just reporting that this is currently a vulnerable plugin
it appears the xss message was a html redirect. in the nickname

martec

2015-05-23, 06:33 AM
all messages is filtred in miuna news server.
miuna news server use this https://www.npmjs.com/package/node-xss

Destroy666

2015-05-23, 06:14 PM
First of all, don't post about vulnerabilities in an open forum if you're sure they exist because that makes other forums vulnerable. Private Inquiries forum should be used for that. Closing it here.

Secondly, if you accuse of being insecure, please post a anything to prove it - for example faulty code or at least a proof of concept (what kind of nickname was used and where).
MyBB Community Forums > 1.8 Support > Security Management and Support > Miuna Shoutbox XSS vuln.