First published: Mon Feb 22 2021
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <1.8.25 |
CVE-2021-27279 is a vulnerability in MyBB before 1.8.25 that allows stored XSS (Cross-Site Scripting) attacks through nested [email] tags with MyCode (aka BBCode).
CVE-2021-27279 has a severity rating of medium with a CVSS score of 5.4.
The stored XSS vulnerability in MyBB can be exploited by using nested [email] tags with MyCode (BBCode) to inject malicious scripts that will execute in the context of the victim's browser.
MyBB versions before 1.8.25 are affected by CVE-2021-27279.
To fix CVE-2021-27279, it is recommended to upgrade to MyBB version 1.8.25 or newer.
More information about CVE-2021-27279 can be found on the MyBB GitHub page (commit: cb781b49116bf5c4d8deca3e17498122b701677a), the MyBB security advisories page (GHSA-6483-hcpp-p75w), and the MyBB website (versions/1.8.25/).