# Exploit Title: XSS in MyBB up to 1813 via installer
# Date: Found on 05-29-2017
# Exploit Author: Pablo Sacristan
# Vendor Homepage: mybbcom/
# Version: Version > 1813 (Fixed in 1813)
# CVE : CVE-2017-16781
No HTML escaping when returning an $error in /install/indexphp can
lead to an XSS which can be used to take over an attac ...