
Adamziaja

#52732 of 53,635
3.5 CVSS total
Vulnerabilities · 1
PT-2015-5629
3.5
2015-03-18
Mybb · Mybb · CVE-2015-2149
**Name of the Vulnerable Software and Affected Versions**
MyBB versions prior to 1.8.4

**Description**
The issue affects the administrative backend, allowing remote authenticated users to inject arbitrary web script or HTML. This can be achieved through various fields in different modules, including the MIME-type field in the config-attachment types module, title or short description fields in the config-mycode or user-groups modules, and others. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

**Recommendations**
For versions prior to 1.8.4, update to version 1.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative backend to minimize the risk of exploitation. Avoid using the vulnerable fields in the affected modules until the issue is resolved.