CVE-2018-25309

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers o...

high 7.2 CVSS 3.1

Published: Apr 29, 2026

Modified: May 1, 2026

Versions: 17.0

Description

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers of all users viewing the index page.

References

CVSS Breakdown

Version	3.1
Score	7.2 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Weakness (CWE)

CWE-79

Affected Product

Vendor	Dragonexpert
Product	Recent Threads On Index
Versions	17.0