cve/2018/CVE-2018-14724.md

### [CVE-2018-14724](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14724)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.

### POC

#### Reference
- https://www.exploit-db.com/exploits/46347
- https://www.exploit-db.com/exploits/46347

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-14724](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14724)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-db.com/exploits/46347`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.exploit-db.com/exploits/46347`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`