Share
## https://sploitus.com/exploit?id=PACKETSTORM:161215
# Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting  
# Date: 11/28/2018  
# Author: 0xB9  
# Software Link: https://github.com/zainali99/trends-widget  
# Version: 1.2  
# Tested on: Windows 10  
  
1. Description:  
This plugin shows the most trending threads. Trending thread titles aren't sanitized to user input.  
  
2. Proof of Concept:  
  
- Have a trending thread in the widget  
- Change the thread title to a payload <script>alert('XSS')</script>  
Anyone that visits the forum will execute payload