First published: Tue Oct 26 2021
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | <1.8.28 | |
The vulnerability ID is CVE-2021-41866.
The severity of CVE-2021-41866 is medium (5.4).
The affected software is MyBB, all versions before 1.8.28.
CVE-2021-41866 is a stored XSS vulnerability in MyBB before 1.8.28, specifically in the displayed Template Name value in the Admin CP's theme management.
To fix CVE-2021-41866, upgrade MyBB to version 1.8.28 or later.