
View full version: exploit database



 1. [dos] RarmaRadio 2.72.8 - Denial of Service (PoC)
 2. [webapps] Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site
 3. [webapps] WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scr
 4. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
 5. [webapps] WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cro
 6. [webapps] Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To
 7. [dos] iDailyDiary 4.30 - Denial of Service (PoC)
 8. [local] DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path
 9. [local] ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path
 10. [webapps] Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
 11. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
 12. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
 13. [webapps] WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Una
 14. [local] DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
 15. [local] Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
 16. [webapps] Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
 17. [local] Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path
 18. [local] Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
 19. [local] ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path
 20. [webapps] ManageEngine ADSelfService Plus 6.1 - CSV Injection
 21. [webapps] COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
 22. [webapps] COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (
 23. [webapps] In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
 24. [local] Visual Studio Code 1.47.1 - Denial of Service (Poc)
 25. [dos] WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
 26. [webapps] WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scriptin
 27. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download
 28. [webapps] EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
 29. [webapps] IPFire 2.25 - Remote Code Execution (Authenticated)
 30. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent C
 31. [webapps] Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forge
 32. [local] Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
 33. [webapps] Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
 34. [webapps] Billing Management System 2.0 - Union based SQL injection (Authenticated)
 35. [webapps] Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
 36. [webapps] Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
 37. [webapps] Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File
 38. [webapps] Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent C
 39. [webapps] Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (
 40. [webapps] Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting
 41. [webapps] Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
 42. [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-F
 43. [local] Firefox 72 IonMonkey - JIT Type Confusion
 44. [webapps] Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (S
 45. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL I
 46. [webapps] ZeroShell 3.9.0 - Remote Command Execution
 47. [webapps] Chevereto 3.17.1 - Cross Site Scripting (Stored)
 48. [local] Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
 49. [local] Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
 50. [local] DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
 51. [local] BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
 52. [local] TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
 53. [webapps] PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
 54. [webapps] Human Resource Information System 0.1 - 'First Name' Persistent Cross-Sit
 55. [webapps] Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
 56. [webapps] Voting System 1.0 - Authentication Bypass (SQLI)
 57. [dos] Sandboxie 5.49.7 - Denial of Service (PoC)
 58. [local] WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
 59. [webapps] Voting System 1.0 - Remote Code Execution (Unauthenticated)
 60. [webapps] Human Resource Information System 0.1 - Remote Code Execution (Unauthentica
 61. [local] Epic Games Rocket League 1.95 - Stack Buffer Overrun
 62. [webapps] PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
 63. [local] Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
 64. [local] Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
 65. [webapps] Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated
 66. [webapps] Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
 67. [webapps] Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
 68. [webapps] b2evolution 7-2-2 - 'cf_name' SQL Injection
 69. [webapps] StudyMD 0.3.2 - XSS to RCE
 70. [webapps] Freeter 1.2.1 - XSS to RCE
 71. [webapps] Markright 1.0 - XSS to RCE
 72. [webapps] Markdownify 1.2.0 - XSS to RCE
 73. [webapps] Anote 1.0 - XSS to RCE
 74. [webapps] Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
 75. [webapps] Markdown Explorer 0.1.1 - XSS to RCE
 76. [webapps] Xmind 2020 - XSS to RCE
 77. [webapps] Tagstoo 2.0.1 - Stored XSS to RCE
 78. [webapps] SnipCommand 0.1.0 - XSS to RCE
 79. [webapps] Moeditor 0.2.0 - XSS to RCE
 80. [webapps] Marky 0.0.1 - XSS to RCE
 81. [webapps] Internship Portal Management System 1.0 - Remote Code Execution Via File Up
 82. [webapps] GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
 83. [webapps] GitLab Community Edition (CE) 13.10.3 - User Enumeration
 84. [webapps] Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
 85. [webapps] Piwigo 11.3.0 - 'language' SQL
 86. [webapps] GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
 87. [remote] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
 88. [webapps] Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
 89. [webapps] Emoji for NodeBB 3.2.1 - Arbitrary File Write
 90. [webapps] FOGProject 1.5.9 - File Upload RCE (Authenticated)
 91. [webapps] Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
 92. [webapps] Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
 93. [webapps] Montiorr 1.7.6m - File Upload to XSS
 94. [dos] WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
 95. [webapps] Kimai 1.14 - CSV Injection
 96. [webapps] OpenPLC 3 - Remote Code Execution (Authenticated)
 97. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
 98. [webapps] Hasura GraphQL 1.3.3 - Remote Code Execution
 99. [webapps] Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
 100. [webapps] Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS
 101. [webapps] DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
 102. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
 103. [webapps] Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
 104. [webapps] RemoteClinic 2.0 - 'Full Name' Stored Cross-Site Scripting (XSS)
 105. [webapps] RemoteClinic 2.0 - 'Symptoms' Stored Cross-Site Scripting (XSS)
 106. [webapps] CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
 107. [webapps] OTRS 6.0.1 - Remote Command Execution (2)
 108. [webapps] Hasura GraphQL 1.3.3 - Local File Read
 109. [webapps] Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
 110. [webapps] GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
 111. [dos] Hasura GraphQL 1.3.3 - Denial of Service
 112. [webapps] Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
 113. [webapps] Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scri
 114. [webapps] OpenEMR 5.0.2.1 - Remote Code Execution
 115. [webapps] Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scr
 116. [webapps] rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticat
 117. [remote] Tenda D151 & D301 - Configuration Download (Unauthenticated)
 118. [webapps] RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
 119. [webapps] Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
 120. [webapps] BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
 121. [webapps] WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (X
 122. [webapps] Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
 123. [webapps] Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote
 124. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
 125. [dos] glFTPd 2.11a - Remote Denial of Service
 126. [webapps] htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
 127. [webapps] Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
 128. [webapps] Horde Groupware Webmail 5.2.22 - Stored XSS
 129. [local] MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
 130. [webapps] jQuery 1.2 - Cross-Site Scripting (XSS)
 131. [webapps] jQuery 1.0.3 - Cross-Site Scripting (XSS)
 132. [webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
 133. [webapps] Digital Crime Report Management System 1.0 - SQL Injection (Authentication
 134. [webapps] CITSmart ITSM 9.1.2.22 - LDAP Injection
 135. [webapps] CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authentica
 136. [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
 137. [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypas
 138. [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
 139. [remote] vsftpd 2.3.4 - Backdoor Command Execution
 140. [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
 141. [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Executio
 142. [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
 143. [webapps] Composr 10.0.36 - Remote Code Execution
 144. [webapps] CMSimple 5.2 - 'External' Stored XSS
 145. [webapps] Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
 146. [webapps] Composr CMS 10.0.36 - Cross Site Scripting
 147. [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
 148. [remote] Google Chrome 81.0.4044 V8 - Remote Code Execution
 149. [webapps] Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
 150. [local] Google Chrome V8 Engine 8.9.40 - Remote Code Execution
 151. [webapps] Mini Mouse 9.2.0 - Path Traversal
 152. [webapps] Mini Mouse 9.2.0 - Remote Code Execution
 153. [webapps] Simple Food Website 1.0 - Authentication Bypass
 154. [webapps] Basic Shopping Cart 1.0 - Authentication Bypass
 155. [webapps] OpenEMR 4.1.0 - 'u' SQL Injection
 156. [local] Rockstar Service - Insecure File Permissions
 157. [webapps] F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
 158. [webapps] ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation
 159. [webapps] phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
 160. [webapps] Latrix 0.6.0 - 'txtaccesscode' SQL Injection
 161. [webapps] ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
 162. [webapps] ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
 163. [webapps] Zabbix 3.4.7 - Stored XSS
 164. [dos] DD-WRT 45723 - UPNP Buffer Overflow (PoC)
 165. [webapps] CourseMS 2.1 - 'name' Stored XSS
 166. [webapps] GetSimple CMS 3.3.16 - Reflected XSS to RCE
 167. [webapps] Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
 168. [webapps] TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthe
 169. [webapps] Concrete5 8.5.4 - 'name' Stored XSS
 170. [webapps] Equipment Inventory System 1.0 - 'multiple' Stored XSS
 171. [webapps] Budget Management System 1.0 - 'Budget title' Stored XSS
 172. [webapps] Novel Boutique House-plus 3.5.1 - Arbitrary File Download
 173. [webapps] SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
 174. [webapps] WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticate
 175. [remote] vsftpd 3.0.3 - Remote Denial of Service
 176. [webapps] Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
 177. [webapps] GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
 178. [webapps] Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
 179. [webapps] Ovidentia 6 - 'id' SQL injection (Authenticated)
 180. [webapps] Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
 181. [webapps] Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site S
 182. [webapps] Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RC
 183. [local] Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path
 184. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated)
 185. [local] ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path
 186. [local] Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service
 187. [webapps] Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS
 188. [local] Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path
 189. [local] ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
 190. [webapps] MyBB 1.8.25 - Poll Vote Count SQL Injection
 191. [webapps] MyBB 1.8.25 - Chained Remote Command Execution
 192. [dos] ProFTPD 1.3.7a - Remote Denial of Service
 193. [local] OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
 194. [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password
 195. [webapps] WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Travers
 196. [local] MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
 197. [local] Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
 198. [local] Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path
 199. [local] Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path
 200. [local] SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpda
 201. [webapps] Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
 202. [webapps] Online News Portal 1.0 - 'name' SQL Injection
 203. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthen
 204. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenti
 205. [dos] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticate
 206. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
 207. [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials She
 208. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
 209. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authen
 210. [local] SOYAL 701 Server 9.0.1 - Insecure Permissions
 211. [local] SOYAL 701 Client 9.0.1 - Insecure Permissions
 212. [webapps] SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
 213. [webapps] SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
 214. [webapps] VestaCP 0.9.8 - 'v_sftp_licence' Command Injection
 215. [local] Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
 216. [webapps] Profiling System for Human Resource Management 1.0 - Remote Code Execution
 217. [local] BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
 218. [webapps] Boonex Dolphin 7.4.2 - 'width' Stored XSS
 219. [webapps] LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
 220. [webapps] Plone CMS 5.2.3 - 'Title' Stored XSS
 221. [webapps] Hestia Control Panel 1.3.2 - Arbitrary File Write
 222. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
 223. [webapps] rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticat
 224. [remote] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
 225. [local] VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
 226. [webapps] VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
 227. [local] FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buf
 228. [webapps] VestaCP 0.9.8 - File Upload CSRF
 229. [webapps] WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
 230. [local] GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
 231. [local] GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
 232. [local] GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
 233. [local] GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
 234. [webapps] Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (Fil
 235. [webapps] SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
 236. [webapps] Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
 237. [local] QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
 238. [local] Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
 239. [local] eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path
 240. [local] Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path
 241. [webapps] openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
 242. [webapps] MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
 243. [webapps] rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
 244. [webapps] Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
 245. [webapps] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
 246. [local] Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
 247. [webapps] Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
 248. [webapps] Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
 249. [dos] Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC
 250. [webapps] MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting