Stored Cross-Site Scripting in myBB Forums Management System
CVE-2023-53977

5.1MEDIUM

Key Information:

Vendor: Mybb
Status: Mybb Forums
Vendor: CVE Published:; 22 December 2025

Badges

👾 Exploit Exists

What is CVE-2023-53977?

myBB Forums 1.8.26 is susceptible to a stored cross-site scripting vulnerability within its forum management system. This flaw allows authenticated administrators to inject malicious scripts while creating new forums. When an attacker exploits this vulnerability, they can input script payloads into the forum title field during the 'Forums and Posts' > 'Forum Management' process. If successfully executed, arbitrary JavaScript can run on the user's browser, compromising the security of forum users and potentially leading to further malicious activities.

Affected Version(s)

myBB forums 1.8.26

References

https://www.exploit-db.com/exploits/51136

exploit

https://mybb.com/

product

https://www.vulncheck.com/advisories/mybb-forums-stored-c...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 22, 2025
👾
Exploit known to exist
Dec 22, 2025
Vulnerability published
Dec 22, 2025
Vulnerability Reserved
Dec 20, 2025

Credit

Andrey Stoykov

CVE-2023-53977 Data

JSON

Mybb