Stored XSS Vulnerability in MyBB Application by MyBB Group
CVE-2021-41866

5.4MEDIUM

Key Information:

Vendor: Mybb
Status: Mybb
Vendor: CVE Published:; 26 October 2021

What is CVE-2021-41866?

MyBB, a popular forum software, is susceptible to a stored XSS vulnerability due to the improper handling of Template Name values in the Admin Control Panel's theme management. This allows attackers to inject malicious scripts that execute in the context of an administrator's browser session, potentially leading to unauthorized access to sensitive information or control over the application.

References

https://github.com/mybb/mybb/security/advisories/

x_refsource_MISC

https://github.com/mybb/mybb/security/advisories/GHSA-gxh...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2021
Vulnerability Reserved
Oct 4, 2021

Mybb

What is CVE-2021-41866?

References

CVSS V3.1

Timeline