CVE-2018-25249

Medium CVSS: 5.1

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit the comment.

Vendor

Product

CWE

CWE-79

Yayın Tarihi

2026-04-04 14:16:20

Güncelleme

2026-04-07 13:20:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 MEDIUM 2026

Referanslar

https://community.mybb.com/mods.php?action=view&pid=411 https://www.exploit-db.com/exploits/44186 https://www.vulncheck.com/advisories/mybb-my-arcade-plugin-persistent-xss-via-comment