Exploit for MyBB OUGC Feedback 1.8.22 Cross Site Scripting CVE-2021-28115

Name: Exploit for MyBB OUGC Feedback 1.8.22 Cross Site Scripting CVE-2021-28115
Rating: 5 (128 reviews)

2021-03-11 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:161746
# Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting  
# Date: 1/30/2021  
# Author: 0xB9  
# Twitter: @0xB9Sec  
# Contact: 0xB9[at]pm.me  
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1220  
# Version: 1.8.22  
# Tested on: Windows 10  
# CVE: CVE-2021-28115  
  
1. Description:  
This plugin adds a feedback system to your forum. Edit feedback button is vulnerable to XSS.  
  
2. Proof of Concept:  
  
- Go to a user profile  
- Add feedback and leave the following payload as comment "><script>alert(1)</script>  
- View the feedback feedback.php?uid=2   
- When clicking Edit payload will execute