Detections
Analytics

CVE-2018-25116

medium

Description

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

References

https://www.vulncheck.com/advisories/mybb-thread-redirect-plugin-cross-site-scripting

https://www.exploit-db.com/exploits/49505

https://github.com/jamiesage123/Thread-Redirect

Details

Source: Mitre, NVD

Published: 2026-01-23

Updated: 2026-01-26

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.0001