Description
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
Remediation
References
Related Vulnerabilities
PHP Numeric Errors Vulnerability (CVE-2010-4409)
IBM RTC Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0748)
MySQL CVE-2023-22057 Vulnerability (CVE-2023-22057)
WordPress Plugin VR Calendar Cross-Site Request Forgery (2.3.3)
WordPress Plugin GD Rating System Unspecified Vulnerability (2.6)