{"id":"CVE-2018-14888","details":"inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject.","modified":"2026-04-02T00:54:45.417557Z","published":"2018-08-14T18:29:00.837Z","references":[{"type":"ADVISORY","url":"https://community.mybb.com/mods.php?action=changelog&pid=360"},{"type":"FIX","url":"https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-Site-Scripting.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45178/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mybbgroup/Thank-you-like-system","events":[{"introduced":"0"},{"fixed":"2f517a372d7077732756657fca68ba287a78ea46"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.1.0"}]}}],"versions":["v1.7","v1.8","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.2","v1.9.3","v1.9.3b","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.7b","v1.9.8","v1.9.8pre","v1.9.8rc","v1.9.8release","v1.9.9","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.3.0","v3.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14888.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}