Authored by 0xB9

MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.

advisories | CVE-2022-28353

# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting
# Date: February 1, 2021
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link:
# Version: 1.3
# Tested On: Windows 10
# CVE: CVE-2022-28353

This plugin notifies the user when they are being redirect to an off-site page. The redirect URL is vulnerable to XSS.

Proof of Concept:

– Go to the following URL… external.php?url=javascript:alert(1);
– Click continue
Payload will execute