CVE-2021-41866

CVE-2021-41866

EPSS 0.5%

MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mybb/mybb/security/advisories/https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7