MyBB Community Forums
Possible XSS Vulnerability - Printable Version




Possible XSS Vulnerability - Steve Moore - 2012-08-04

After getting blocked by mod_security today, I did some checking of the logs, and this is happening every other day. Luckily, on the other days I was not blocked, just other IPs.

The XSS comes from jscripts/jquery.cookie.js

Screenshots provided.

NOTE: I am unable to add new issues to the bug report system for some odd reason.

MyBB Version: 1.6.8
Plugins: MyGW2Code, MyForumIcons


RE: Possible XSS Vulnerability - StefanT - 2012-08-04

jquery.cookie.js is not part of MyBB.


RE: Possible XSS Vulnerability - Steve Moore - 2012-08-04

Gah, didn't even pay attention to the core package. I found the issue, forgot about one plugin and it is part of that one. I will report it to the plugin dev.

Guess I won't, their site is down and no thread on this forum.


RE: Possible XSS Vulnerability - Wolfseye - 2012-08-04

It would help if you could say which plugin it is, so if one of us uses it, he/she also knows to remove it for good, or until further notice.

There is hardly any list of plugins that are maybe dangerous. Could be valuable information so we can do something before maybe getting hacked.

Thanks

Wolfseye


RE: Possible XSS Vulnerability - FooFighter - 2012-08-04

Do we know the plugin?