CVE-2023-53978
MEDIUMmyBB Forums 1.8.26 - XSS
Title source: llmDescription
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.
Exploits (1)
Scores
CVSS v3
5.4
EPSS
0.0005
EPSS Percentile
16.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
mybb/mybb
1.8.26
Mybb/myBB forums
1.8.26
Published
Dec 22, 2025
Tracked Since
Feb 18, 2026