MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Support > Recent threads on index plugin security vulnerability?
Full Version: Recent threads on index plugin security vulnerability?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Nuance

2016-07-25, 11:54 PM
Not sure if this has been reported, but it's working.


With this plugin if a thread title has javascript in it, the javascript will be executed. Example

VisualizeEdits

2016-07-26, 06:55 AM
That's an interesting bug you found. There could be potential security vulnerability if someone knew how to do so in such a short javascript line. Maybe use a plugin to monitor the thread titles (to prevent spams/unreasonable titles) for now  if you insists on using it. Otherwise, I wouldn't worry much about that.

Devilshakerz

2016-07-26, 09:18 AM
Thanks for the heads up; the plugin has been marked as vulnerable and the author has been informed.

Garden of Sinners

2016-08-07, 08:06 PM
Thanks for letting us know, a friend of mine managed to get this fixed up and sent it to me.

Download the attachment below.
MyBB Community Forums > Extensions > Plugins > Plugin Support > Recent threads on index plugin security vulnerability?