CVE-2021-47905

Name of the Vulnerable Software and Affected Versions MyBB Delete Account Plugin version 1.4

Description The MyBB Delete Account Plugin contains a cross-site scripting issue in the account deletion reason input field. An attacker can inject malicious scripts that will execute in the admin interface when viewing delete account reasons. The vulnerable input allows for the injection of scripts that impact the admin interface.

Recommendations Update the MyBB Delete Account Plugin to a newer version that addresses this issue. As a temporary workaround, sanitize all input to the account deletion reason field to prevent script injection.