High severity7.2NVD Advisory· Published Apr 29, 2026· Updated May 1, 2026

CVE-2018-25309

Description

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers of all users viewing the index page.

Affected products

Dragonexpert/Recent Threads On Index
cpe:2.3:a:dragonexpert:recent_threads_on_index:17.0:*:*:*:*:mybb:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44420nvdExploitVDB Entry
www.vulncheck.com/advisories/mybb-recent-threads-persistent-cross-site-scriptingnvdThird Party Advisory
community.mybb.com/mods.phpnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000