CVE-2023-53976

Medium CVSS: 5.1

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.

Vendor

Mybb

Product

Mybb

CWE

CWE-79

Yayın Tarihi

2025-12-22 22:16:03

Güncelleme

2025-12-27 19:15:39

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Mybb MEDIUM Mybb 2025

Referanslar

https://mybb.com/ https://www.exploit-db.com/exploits/51136 https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-template-management https://www.cve.org/CVERecord?id=CVE-2021-41866

Benzer Kayıtlar

Medium

CVE-2023-53977

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authe…

Medium

CVE-2023-53978

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows aut…

High

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictio…

Critical

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remot…

High

CVE-2025-48940

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input…

Medium

CVE-2025-48941

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions…