Description Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. Remediation References CVE-2021-27889 Related Vulnerabilities WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8) Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-5174) MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-36125) MySQL CVE-2019-2636 Vulnerability (CVE-2019-2636) Oracle Database Server CVE-2009-1994 Vulnerability (CVE-2009-1994) Severity Medium Classification CVE-2021-27889 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities