PT-2025-52713 · Unknown · Mybb Forums
Andrey Stoykov · Published 2025-12-22 · Updated 2025-12-27
CVE-2023-53976
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
myBB Forums version 1.8.26
Description
myBB Forums version 1.8.26 has a stored cross-site scripting issue in the template management system. Authenticated administrators can inject malicious scripts when creating new templates. An attacker can exploit this by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface. This can lead to arbitrary JavaScript execution when the template is viewed.
Recommendations
Apply a fix that sanitizes the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface.
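The recommendation above, sketched as an added example (not MyBB's code and not the vendor's fix): the template title is encoded at the point where it is written into the admin page, shown next to the unencoded "before" form. The function names, the edit.php?tid= link and the sample titles are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: helper names are hypothetical, not MyBB functions.

// Encode a stored value for HTML text and quoted-attribute contexts.
function encode_title(string $title): string
{
    // ENT_QUOTES encodes both quote styles, so the value cannot close a
    // quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of making the call return an empty string.
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the stored title is concatenated into the admin page as-is.
function render_row_unsafe(int $tid, string $title): string
{
    return '<li><a href="edit.php?tid=' . $tid . '" title="' . $title . '">'
        . $title . '</a></li>';
}

// "After": the same row with the title encoded at the point of output.
function render_row_safe(int $tid, string $title): string
{
    $t = encode_title($title);
    return '<li><a href="edit.php?tid=' . $tid . '" title="' . $t . '">'
        . $t . '</a></li>';
}

// True when markup from the title survived into the rendered row.
function title_markup_survives(string $row): bool
{
    return stripos($row, '<script') !== false;
}

// Constructed sample titles: one ordinary, one carrying quotes and markup.
$samples = [
    1 => 'header_welcomeblock',
    2 => '"><script>alert(1)</script>',
];

foreach ($samples as $tid => $title) {
    printf(
        "tid=%d unsafe_has_markup=%s safe_has_markup=%s\n",
        $tid,
        var_export(title_markup_survives(render_row_unsafe($tid, $title)), true),
        var_export(title_markup_survives(render_row_safe($tid, $title)), true)
    );
}
```

Encoding on output leaves the stored title unchanged, so titles already saved before the fix are rendered safely as well.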
Exploit
Fix
XSS
Affected Products
Mybb Forums