Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements CVE-2018-10678
> MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements,
> which makes it easier for remote attackers to conduct redirection attacks.
>
> ------------------------------------------
>
> [Additional Information]
> is parsing link with target="_blank" rel="noopener"
> <a class=mycode_url href=malicious.html target="_blank" rel="noopener"> malicious.html </a> MyBB users with Microsoft Edge browser are vulnerable for this attack
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> target=_blanket Phishing attack in chat
>
> ------------------------------------------
>
> [Vendor of Product]
> MyBB
>
> ------------------------------------------
>
> [Affected Product Code Base]
> MyBB - Version 1.8.15
>
> ------------------------------------------
>
> [Affected Component]
> MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open source forum software developed by the MyBB Group
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [CVE Impact Other]
> Phishing & Invalidate redirect
>
> [Discoverer]
> Mayur Udiniya
>
> ------------------------------------------
>
> [Reference]
> https://blog.mybb.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment