CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-14575 – MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-14575
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. El plugin Trash Bin 1.1.3 para MyBB tiene Cross-Site Scripting (XSS) mediante un asunto de hilo y Cross-Site Request Forgery (CSRF) mediante un asunto de publicación. MyBB Trash Bin plugin version 1.1.3 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/46384 http://packetstormsecurity.com/files/151704/MyBB-Trash-Bin-1.1.3-Cross-Site-Request-Forgery-Cross-Site-Scripting.html https://community.mybb.com/mods.php?action=view&pid=957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •