CVE-2023-53978

Medium CVSS: 5.1

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.

Vendor

Mybb

Product

Mybb

CWE

CWE-79

Yayın Tarihi

2025-12-22 22:16:03

Güncelleme

2025-12-27 17:15:45

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Mybb MEDIUM Mybb 2025

Referanslar

https://mybb.com/ https://www.exploit-db.com/exploits/51136 https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-forum-announcements

Benzer Kayıtlar

Medium

CVE-2023-53976

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows au…

Medium

CVE-2023-53977

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authe…

High

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictio…

Critical

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remot…

High

CVE-2025-48940

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input…

Medium

CVE-2025-48941

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions…