CVE-2022-43708

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.31

Description The issue allows attackers to inject HTML by persuading the user to upload a file with a specially crafted name, exploiting cross-site scripting (XSS) vulnerabilities in the post Attachments interface.

Recommendations For MyBB version 1.8.31, as a temporary workaround, consider restricting the ability to upload files with specially crafted names to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.