Medium severity6.1NVD Advisory· Published Apr 4, 2026· Updated May 26, 2026
CVE-2018-25247
CVE-2018-25247
Description
MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the viewer's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =3.0.0
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/45179nvdExploitVDB Entry
- www.vulncheck.com/advisories/mybb-like-plugin-cross-site-scripting-via-user-profilesnvdThird Party Advisory
- community.mybb.com/mods.phpnvdProduct
News mentions
0No linked articles in our index yet.