CVE-2018-25247
Cross-Site Scripting in MyBB Like Plugin 3.0.0 Allows Script Injection
Publication date: 2026-04-04
Last updated on: 2026-04-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mybb | thankyou/like_system | to 3.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary scripts in the context of other users who view the attacker's profile page. The impact includes potential session hijacking and other malicious actions that can compromise user accounts or data. Since the attack requires user interaction (viewing the profile), it can be exploited over the network with low attack complexity and no privileges required.
Can you explain this vulnerability to me?
CVE-2018-25247 is a cross-site scripting (XSS) vulnerability in MyBB Like Plugin version 3.0.0. It occurs because the plugin does not properly sanitize user input in post or thread subject fields. Attackers can create posts or threads with malicious script tags in the subject. When other users view the attacker's profile page, where liked posts are displayed without sanitization, the malicious scripts execute.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious script tags in post or thread subject fields, especially those displayed in user profiles where liked posts appear without sanitization.
A practical approach is to review the subject content of posts or threads for suspicious input such as <script> tags.
Since this is a web application vulnerability, detection involves inspecting the web interface or database entries for injected scripts.
- Use a web proxy tool (e.g., Burp Suite) to intercept and analyze HTTP requests and responses for script injection in post subjects.
- Run a database query to search for script tags in post or thread subject fields, for example (assuming MySQL): SELECT * FROM posts WHERE subject LIKE '%<script>%';
- Manually visit user profiles with liked posts and observe if any alert boxes or unexpected scripts execute, indicating XSS.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing and validating all user input in post and thread subject fields to prevent script injection.
Since the vulnerability arises from lack of input sanitization, applying patches or updates from the plugin developer that fix this issue is recommended.
If no patch is available, consider temporarily disabling the Like Plugin or restricting user permissions to prevent creation of posts or threads with malicious subjects.
Additionally, educate users to avoid clicking on suspicious profiles or posts until the issue is resolved.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to inject and execute malicious scripts in other users' browsers by exploiting unsanitized input in post or thread subjects. This can lead to session hijacking or other malicious actions.
Such cross-site scripting (XSS) vulnerabilities can impact compliance with standards like GDPR and HIPAA because they may lead to unauthorized access to personal data or compromise the confidentiality and integrity of user information.
However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.