Description A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. Remediation References CVE-2018-17128 Related Vulnerabilities ownCloud Improper Access Control Vulnerability (CVE-2016-9461) WordPress Plugin Web Forms for Vtiger wordpress Lead capture and Contacts Sync Unspecified Vulnerability (1.0.0) WordPress Plugin WP No External Links Spam Injection (4.2.2) WordPress Plugin Asgaros Forum Security Bypass (1.5.7) PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9638) Severity Medium Classification CVE-2018-17128 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities