CVE-2018-25248
Persistent XSS in MyBB Downloads Plugin 2.0.3 Allows Script Injection
Publication date: 2026-04-04
Last updated on: 2026-04-10
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mybb | mybb_downloads | 2.0.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the MyBB Downloads Plugin to the latest version where this vulnerability has been patched.
Until the update can be applied, restrict regular members from submitting new downloads or disable the downloads submission feature to prevent injection of malicious scripts.
Additionally, administrators should be cautious when validating downloads and consider sanitizing or escaping the download title field manually before approval.
Review and apply the patch available at the GitHub repository: https://github.com/vintagedaddyo/MyBB_Plugin-Downloads/pull/1/commits.
Can you explain this vulnerability to me?
CVE-2018-25248 is a persistent cross-site scripting (XSS) vulnerability found in MyBB Downloads Plugin version 2.0.3 and earlier. It occurs because the plugin does not properly sanitize user input in the download title field.
Regular members can submit a new download with malicious HTML or JavaScript code embedded in the title. This malicious script then executes when an administrator reviews or validates the download entry via the downloads.php page.
How can this vulnerability impact me?
This vulnerability allows attackers to execute malicious scripts in the context of an administrator's browser when they review submitted downloads.
Potential impacts include session hijacking, unauthorized actions performed with administrator privileges, and other malicious activities that can compromise the security and integrity of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for malicious scripts in the download title field submitted by regular members. Since the issue arises from unsanitized input in the download title, you can look for entries containing suspicious HTML or JavaScript code, such as `<BODY ONLOAD=alert('XSS')>` or similar payloads.
To detect exploitation attempts, you can search the database or logs for download titles containing HTML or JavaScript tags.
- Use SQL queries to find suspicious entries in the downloads table, for example: `SELECT * FROM downloads WHERE title LIKE '%<script%' OR title LIKE '%<body%';`
- Monitor web server logs for POST requests to the download submission endpoint containing suspicious payloads in the title parameter.
- Use web application scanners or security tools that detect stored XSS vulnerabilities by submitting test payloads in the download title field and observing if scripts execute during admin validation.
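The following script is an added example for this record, not code from the MyBB Downloads plugin or from the page; it is written in Python rather than the plugin's PHP so it runs stand-alone. It covers both the detection advice above (scanning stored titles for markup and event-handler attributes, which catches more than the two `LIKE` patterns while ignoring harmless titles such as `a < b`) and the mitigation advice in the earlier answer (HTML-encoding the title at output time so the administrator's browser renders it as text). The row layout and column names (`id`, `title`, `submitter`) are assumptions standing in for the plugin's downloads table, and the sample rows are constructed.

```python
"""Scan stored download titles for HTML/script content and show the
output-encoding fix for a stored XSS in a title field.

Added example for the CVE-2018-25248 record; not the plugin's own code.
The table layout, column names and sample rows below are assumptions."""
import html
import re

# Constructed rows standing in for the plugin's downloads table.
SAMPLE_DOWNLOADS = [
    {"id": 1, "title": "Unicode Theme Pack 1.2", "submitter": "alice"},
    {"id": 2, "title": "<BODY ONLOAD=alert('XSS')>", "submitter": "mallory"},
    {"id": 3, "title": "Icons <script>alert('XSS')</script>", "submitter": "mallory"},
    {"id": 4, "title": "Math notes: a < b and c > d", "submitter": "bob"},
    {"id": 5, "title": "Driver pack (updated Monday)", "submitter": "carol"},
]

# A browser only opens a tag when "<" is immediately followed by a letter
# (or "/" then a letter), so "a < b" is plain text and is not flagged.
TAG_OPENER = re.compile(r"</?[a-zA-Z]")
# Inline event handlers such as onload= / onerror=, matched on a word boundary
# so "Monday" or "location=" do not trigger it.
EVENT_HANDLER = re.compile(r"\bon[a-zA-Z]+\s*=", re.IGNORECASE)


def classify_title(title: str) -> list:
    """Return the reasons a stored title looks like markup (empty if clean)."""
    reasons = []
    if TAG_OPENER.search(title):
        reasons.append("html_tag")
    if EVENT_HANDLER.search(title):
        reasons.append("event_handler")
    return reasons


def scan_downloads(rows) -> list:
    """Return (id, submitter, reasons) for every row whose title is suspicious.

    Run this over the raw stored values (e.g. a dump of the downloads table),
    not over already-encoded output."""
    findings = []
    for row in rows:
        reasons = classify_title(row["title"])
        if reasons:
            findings.append((row["id"], row["submitter"], reasons))
    return findings


def render_title(title: str) -> str:
    """The fix: HTML-encode the title when it is written into the page.

    After encoding, the browser shows "<BODY ONLOAD=...>" as literal text
    instead of parsing it as an element, so the script never runs."""
    return html.escape(title, quote=True)


if __name__ == "__main__":
    for download_id, submitter, reasons in scan_downloads(SAMPLE_DOWNLOADS):
        print(f"download {download_id} by {submitter}: {', '.join(reasons)}")
    for row in SAMPLE_DOWNLOADS:
        print(f"safe output for {row['id']}: {render_title(row['title'])}")
```

The detector is meant for triage of existing records and log lines; the durable fix is `render_title` (or its PHP equivalent, `htmlspecialchars` with `ENT_QUOTES`) applied wherever the title is placed into HTML, since a blocklist of tags can always be bypassed while output encoding cannot.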
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to inject persistent cross-site scripting (XSS) payloads that execute in the context of an administrator's browser. This can lead to session hijacking or other malicious actions.
Such unauthorized script execution and potential data compromise could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of user data and secure handling of administrative access.
However, the provided information does not explicitly detail the direct effects on compliance with these regulations.