Description
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
Remediation
References
Related Vulnerabilities
WordPress Plugin Generate PDF using Contact Form 7 Cross-Site Scripting (3.5)
WordPress Plugin Custom Global Variables Cross-Site Scripting (1.0.5)
MySQL CVE-2012-0101 Vulnerability (CVE-2012-0101)
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)
Nexus Repository Manager CVE-2019-15893 Vulnerability (CVE-2019-15893)