exploitDog

CVE-2023-53978

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.

Ссылки

https://mybb.com/
Product
https://www.exploit-db.com/exploits/51136
Exploit
https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-forum-announcements
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mybb:mybb:1.8.26:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4hv2-45c6-qhf8

CVSS3: 6.4

github

около 2 месяцев назад

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79