MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.
30648b0a86ff796492c571bdf536801d2869613474a695f71e4142c2ef8f81e5
# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting
# Date: February 1, 2021
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=493
# Version: 1.3
# Tested On: Windows 10
# CVE: CVE-2022-28353
Description:
This plugin notifies the user when they are being redirect to an off-site page. The redirect URL is vulnerable to XSS.
Proof of Concept:
– Go to the following URL… external.php?url=javascript:alert(1);
– Click continue
Payload will execute