PT-2025-52714 · Unknown · Mybb Forums
Andrey Stoykov · Published 2025-12-22 · Updated 2025-12-26
CVE-2023-53977
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
myBB Forums version 1.8.26
Description
myBB Forums version 1.8.26 contains a stored cross-site scripting issue in the forum management system. Authenticated administrators can inject malicious scripts when creating new forums. Attackers can exploit this by inserting script payloads in the forum title field through the 'Forums and Posts' > 'Forum Management' interface. This can lead to arbitrary JavaScript execution when the forum listing is viewed. The vulnerable parameter is the forum title field.
Recommendations
Apply a fix to sanitize the forum title field when creating new forums through the 'Forums and Posts' > 'Forum Management' interface.
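One way to apply the recommendation is to encode the forum title for the HTML context wherever the listing is rendered, and to review titles that are already stored. The sketch below is an added example, not MyBB source code or the vendor's fix; the function names, the row markup and the sample records are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not MyBB source. All names and sample rows are hypothetical.

// Constructed sample of stored forum records, as created through an admin form.
$forums = [
    ['fid' => 1, 'name' => 'General Discussion'],
    ['fid' => 2, 'name' => 'Q&A <beta>'],
    ['fid' => 3, 'name' => '<script>alert(1)</script>'],
];

// Before: the stored title is concatenated into markup unchanged, so any
// tags saved in the title are parsed by the browser when the listing loads.
function render_row_unsafe(array $forum): string
{
    return '<td><a href="?fid=' . $forum['fid'] . '">' . $forum['name'] . '</a></td>';
}

// After: encode the title at output time and cast the id to an integer.
function render_row_safe(array $forum): string
{
    $name = htmlspecialchars($forum['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td><a href="?fid=' . (int) $forum['fid'] . '">' . $name . '</a></td>';
}

// Audit helper: flag titles already in storage that contain HTML
// metacharacters so they can be reviewed once the output fix is deployed.
function titles_needing_review(array $forums): array
{
    return array_values(array_filter($forums, function (array $f): bool {
        return preg_match('/[<>"\']/', $f['name']) === 1;
    }));
}

foreach ($forums as $forum) {
    echo render_row_safe($forum), PHP_EOL;
}
foreach (titles_needing_review($forums) as $f) {
    echo 'review fid ', $f['fid'], PHP_EOL;
}
```

Encoding at output keeps legitimate titles such as `Q&A <beta>` readable as text while preventing stored markup from being interpreted; the audit list still includes such titles because it only flags characters for human review.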
Exploit
Fix
XSS
Affected Products
Mybb Forums