CVE-2018-25247 PUBLISHED

MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles

Assigner: VulnCheck
Reserved: 04.04.2026 Published: 04.04.2026 Updated: 04.04.2026

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
CVSS Score: 5.1

Product Status

Vendor MyBB
Product MyBB Like Plugin
Versions
  • Version 3.0.0 is affected

Credits

  • 0xB9 (finder)

Problem Types

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE