Description

MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.

Remediation

References

CVE-2021-41866

Related Vulnerabilities

MySQL CVE-2023-21882 Vulnerability (CVE-2023-21882)

WordPress Plugin Meow Gallery (+ Gallery Block) Security Bypass (4.1.9)

WordPress Plugin Echo Sign Multiple Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin WP Payeezy Pay Local File Inclusion (2.97)

Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-15810)

Severity

Medium

Classification

CVE-2021-41866 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities