cvedb.io
CVE-2018-10580
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2018-05-11T14:29:00.203 · Last modified 2026-06-17T01:34:12.760

Summary

The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.

Affected products

latest_posts_on_profile_project — latest_posts_on_profile

Does this affect you?

Add your gear to cvedb and we'll alert you only when latest_posts_on_profile_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.