# CVE-2018-25309

> Vulnerability · severity: **HIGH** (CVSS 7.2).

## Description

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browsers of all users viewing the index page.

## Key facts

- **CVE ID:** CVE-2018-25309
- **Published:** 2026-04-29
- **CVSS severity:** HIGH
- **CVSS base score:** 7.2
- **CWE codes:** CWE-79

## Affected products

- `dragonexpert:recent_threads_on_index`

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25309

## Citation

> AI Analytics. CVE-2018-25309. Retrieved 2026-07-16 from https://api.ai-analytics.org/cve/CVE-2018-25309. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*