Description
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
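The flaw described above, as an added example that is not MyBB's code: a feed entry built by concatenating the thread title into the `title` element, next to a version that encodes the title for the XML output context. The function names and the sample thread are hypothetical and constructed, and PHP's dom extension is assumed for the check at the end.

```php
<?php
// Added example, not MyBB's code. All function names and sample data are hypothetical.

// Before: the thread title is concatenated into <title> unescaped, so any
// markup it contains becomes part of the generated feed document.
function atom_entry_unsafe(array $thread): string
{
    return '<entry><title>' . $thread['subject'] . '</title>'
         . '<id>urn:thread:' . (int) $thread['tid'] . '</id></entry>';
}

// After: encode XML-significant characters before output.
// ENT_XML1 selects XML entities, ENT_QUOTES covers both quote styles, and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function xml_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
}

function atom_entry_safe(array $thread): string
{
    return '<entry><title type="text">' . xml_text($thread['subject']) . '</title>'
         . '<id>urn:thread:' . (int) $thread['tid'] . '</id></entry>';
}

// Check: count elements nested inside <title>. A text title must have none.
function title_child_elements(string $entryXml): int
{
    $doc = new DOMDocument();
    $doc->loadXML($entryXml, LIBXML_NONET);
    $title = $doc->getElementsByTagName('title')->item(0);
    return $title->getElementsByTagName('*')->length;
}

// Constructed sample thread whose title carries markup.
$thread = ['tid' => 42, 'subject' => 'Release notes <script>alert(1)</script>'];

foreach (['unsafe' => 'atom_entry_unsafe', 'safe' => 'atom_entry_safe'] as $label => $build) {
    $xml = $build($thread);
    printf("%-6s child elements in <title>: %d\n%s\n\n", $label, title_child_elements($xml), $xml);
}
```

The same element count can be run over a real feed's `title` elements as a regression check after upgrading.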
Remediation
References