CVE-2023-53976

MEDIUM

myBB Forums 1.8.26 - XSS

Title source: llm

Description

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.

Exploits (1)

exploitdb WORKING POC
by Andrey Stoykov · textwebappsphp
https://www.exploit-db.com/exploits/51136

References (4)

Scores

CVSS v3 5.4
EPSS 0.0006
EPSS Percentile 17.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
mybb/mybb 1.8.26
Mybb/myBB forums 1.8.26
Published Dec 22, 2025
Tracked Since Feb 18, 2026