MyBB Recent Threads Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in the MyBB Recent Threads plugin version 17.0. This vulnerability allows attackers to inject malicious scripts by creating threads with specially crafted subject lines. The injected scripts are executed as arbitrary JavaScript in the browsers of users viewing the index page.

Impact

Exploitation of this vulnerability leads to persistent cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Reproduction

To reproduce this vulnerability, create a thread with a subject line that includes script tags, such as a JavaScript alert. Once the thread is created, navigate to the index page to observe the script execution, which will manifest as an alert box displaying the message.
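
The PHP sketch below is an added example, not code from the Recent Threads plugin. It shows the pattern this class of bug comes from, a stored thread subject concatenated into index-page HTML, next to the output-encoded form. The function names, row layout and sample subjects are assumptions constructed for illustration.

```php
<?php
// Added illustration; not the Recent Threads plugin's source.
// Function names, row layout and sample data are assumptions.

// Constructed sample rows, as they might be read back from thread storage.
$threads = [
    ['tid' => 1, 'subject' => 'Welcome to the forum'],
    ['tid' => 2, 'subject' => '<script>alert(1)</script>'],
    ['tid' => 3, 'subject' => 'Tips & tricks for "new" users'],
];

// Vulnerable pattern: the stored subject is placed into HTML as-is.
function render_row_unsafe(array $t): string
{
    return '<a href="showthread.php?tid=' . (int)$t['tid'] . '">'
         . $t['subject'] . '</a>';
}

// Hardened pattern: encode the subject for the HTML context at output time.
function render_row_safe(array $t): string
{
    $subject = htmlspecialchars($t['subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="showthread.php?tid=' . (int)$t['tid'] . '">'
         . $subject . '</a>';
}

// Regression check: strip the anchor we emit ourselves, then look for
// any remaining tag opener contributed by the subject.
function has_injected_markup(string $html): bool
{
    $inner = preg_replace('~^<a href="[^"]*">|</a>$~', '', $html);
    return strpos($inner, '<') !== false;
}

foreach ($threads as $t) {
    printf("tid %d unsafe=%s safe=%s\n", $t['tid'],
        has_injected_markup(render_row_unsafe($t)) ? 'INJECTED' : 'ok',
        has_injected_markup(render_row_safe($t)) ? 'INJECTED' : 'ok');
    echo '  ', render_row_safe($t), "\n";
}
```

Encoding at output time also covers subjects that were stored before any fix was applied, which input-time filtering alone would not.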

Added: Apr 29, 2026, 8:30 PM
Updated: Apr 29, 2026, 8:30 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 1.7
exploitability: 6.5
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.