An issue exists in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mybb mybb 1.8.17 |