Vulnerability Summary: MyBB Downloads Plugin 2.0.3 Persistent XSS Vulnerability Overview MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting (Persistent XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary JavaScript code via the download file link. Specifically, attackers can insert malicious content containing HTML and JavaScript in the parameter, which will be executed when administrators validate the download request in . Impact Scope Affected Product: MyBB Downloads Plugin Affected Versions: "Attackers can inject a new content with HTML and JavaScript in the file parameter, which executes when administrators validate the download of downloads.php."