Detections
Analytics

CVE-2018-25247

medium

Description

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.

References

https://www.vulncheck.com/advisories/mybb-like-plugin-cross-site-scripting-via-user-profiles

https://www.exploit-db.com/exploits/45179

https://community.mybb.com/mods.php?action=view&pid=360

Details

Source: Mitre, NVD

Published: 2026-04-04

Updated: 2026-04-04

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Medium