# Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting  
# Date: 7/23/2018  
# Author: 0xB9  
# Software Link:  
# Version: 0.2.1  
# Tested on: Windows 10  
1. Description:  
This plugin allows threads to redirect to a URL with optional custom text. The custom text input is vulnerable to Cross-Site Scripting.  
2. Proof of Concept:  
- Create a new thread  
- Input any Thread Subject and Redirect URL you'd like  
- Use the following payload for Your Message <svg/onload=alert('XSS')>  
Anyone who views the thread will execute payload.