CVE-2018-25248 | Downloads Plugin 2.0.3 on MyBB Parameter Title cross site scripting (Exploit 44400 / EDB-44400)

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability described as problematic has been identified in Downloads Plugin 2.0.3 on MyBB. This affects an unknown function of the component Parameter Handler. The manipulation of the argument Title results in cross site scripting.

This vulnerability is cataloged as CVE-2018-25248. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2018-25248 | Downloads Plugin 2.0.3 on MyBB Parameter Title cross site scripting (Exploit 44400 / EDB-44400)

Post correlati

CVE-2026-35043 | BentoML up to 1.4.37 command injection

CVE-2025-25356 | PHPGurukul Land Record System 1.0 POST Request Parameter bwdates-reports-details.php todate sql injection

CVE-2025-52916 | Yealink YMCS RPS prior 2025-06-04 SN Verification Attempt Limits excessive authentication

CVE-2025-13597 | AI Feeds Plugin up to 1.0.11 on WordPress actualizador_git.php unrestricted upload