CNNVD-202512-3918 Information

CNNVD ID

CNNVD-202512-3918

Related CVE

CVE-2023-53977

• CNNVD Published: 2025-12-22

Description (Chinese)

MyBB（MyBulletinBoard）是MyBB团队的一套用PHP和MySQL开发的免费且基于Web的论坛软件。该软件具有简单易用、支持多国语言、可扩展等特点。 MyBB 1.8.26版本存在跨站脚本漏洞，该漏洞源于论坛管理系统存在存储型跨站脚本问题，可能导致经过身份验证的管理员在创建新论坛时注入恶意脚本。

Description (English)

MyBB (MyBulletinBoard) is a free Web-based forum software developed by MyBB teams using PHP and MySQL. The software is simple, easy to use, multi-country language support, and scalable. MyBB 1.8.26 has a cross-site script loophole, which stems from the storage of cross-site scripts in the Forum Management System and may result in malicious scripts being injected into the creation of new forums by accredited administrators.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

MyBB

Published

2025-12-22

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51136 https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-forum-management https://mybb.com/ https://access.redhat.com/security/cve/cve-2023-53977

Patch

https://mybb.com/download/