Stored Cross-Site Scripting Vulnerability in MyBB by MyBB Group
CVE-2024-52702

Currently unrated

Key Information:

Vendor: MyBB Group
Status: MyBB
Vendor: CVE Published:; 20 November 2024

What is CVE-2024-52702?

A stored cross-site scripting (XSS) vulnerability exists in the install/index.php component of MyBB v1.8.38, enabling attackers to inject malicious web scripts or HTML through a specially crafted payload in the Website Name parameter. This could lead to unauthorized execution of scripts that may compromise user data or manipulate user sessions.

References

https://github.com/mybb/mybb/issues/4859

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2024