CVE-2021-27279
MEDIUMMyBB < 1.8.25 - Stored Cross-Site Scripting via Nested Email MyCode Tags
Title source: llmDescription
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://mybb.com/versions/1.8.25/
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w
Patch, Third Party Advisory x_refsource_confirm
https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a
Scores
CVSS v3
5.4
EPSS
0.0096
EPSS Percentile
57.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mybb/mybb
< 1.8.25
Published
Feb 22, 2021
Tracked Since
Feb 18, 2026