Stored XSS in MyBB Admin CP's Theme Management

CVE-2021-41866 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
