Authored by 0xB9

MyBB Active Threads plugin version 1.3.0 suffers from a cross-site scripting vulnerability.

# Exploit Title: MyBB Active Threads Plugin 1.3.0 – Cross-Site Scripting
# Date: February 9, 2022
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link:
# Version: 1.3.0
# Tested On: Windows 10
# CVE: CVE-2022-28354

This plugin shows a page of active threads. The date parameter is vulnerable to XSS when setting a time period.
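Added example, not code from the plugin or from the advisory's author: one way to close this class of bug is to accept the date only when it parses as a real date and to escape whatever is written back into the page. The Y-m-d format, the function names and the form field below are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handler, not the Active Threads plugin's code.
// Assumption: the time period arrives as a "date" request parameter in Y-m-d form.
// Unsafe pattern this replaces: concatenating the raw request value into HTML.

/**
 * Return a DateTimeImmutable only when $raw is exactly one valid Y-m-d date.
 */
function parse_period_date($raw): ?DateTimeImmutable
{
    // Reject arrays (date[]=...), markup, and anything not shaped like a date.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip check rejects impossible dates such as 2022-02-30,
    // which createFromFormat would otherwise roll over to March.
    if ($dt === false || $dt->format('Y-m-d') !== $raw) {
        return null;
    }
    return $dt;
}

/**
 * Build the date input for the page from an untrusted request value.
 */
function render_period_field($raw): string
{
    $date = parse_period_date($raw);
    // Output the re-formatted parsed value, never the raw request string.
    $value = $date !== null ? $date->format('Y-m-d') : '';
    // Escape for the attribute context as well, as defence in depth.
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="date" value="' . $safe . '" />';
}

// Constructed sample inputs: valid date, impossible date, markup, array.
foreach (['2022-02-09', '2022-02-30', '"><b>x</b>', ['a']] as $sample) {
    echo render_period_field($sample), PHP_EOL;
}
```

Inside a MyBB plugin the raw value would normally be read with `$mybb->get_input()` and escaped with MyBB's `htmlspecialchars_uni()` before it reaches a template.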

Proof of Concept: