# Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting# Date: 11/28/2018# Author: 0xB9# Software Link: https://github.com/zainali99/trends-widget# Version: 1.2# Tested on: Windows 101. Description:
This plugin shows the most trending threads. Trending thread titles aren't sanitized to user input.2. Proof of Concept:- Have a trending thread in the widget
- Change the thread title to a payload <script>alert('XSS')</script>
Anyone that visits the forum will execute payload
