Impact
A persistent cross-site scripting (XSS) vulnerability in the Templates & Style → Themes Admin CP module allows remote authenticated users to inject HTML, which is triggered in the Admin CP.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Patches
MyBB 1.8.37 resolves this issue with the following changes:
.patch: https://github.com/mybb/mybb/commit/468900dc9a8a881c7835f78777fea4b2a8753c37.patch
References
For more information
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
Contact
The security team can be reached at security@mybb.com.