MyBB Open Redirect Vulnerability


Description   An open redirect vulnerability has been reported in MyBB. A remote attacker could exploit it by enticing a victim into following a specially crafted link in order to redirect them to an arbitrary website. This vulnerability, located in HTML link tags with 'target="_blank"' and 'rel="noopener"' attributes, is triggerable when the victim is using Microsoft Edge.
     
Vulnerable Products   Vulnerable Software:
MyBB (MyBB) - 1.8.15
     
Solution   No solution for the moment.
     
CVE   CVE-2018-10678
     
References   - MayurUdiniya : MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements CVE-2018-10678
https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2018-05-13

Target Type   Client

Possible exploit   Remote