Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41866)

Description

MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.

Remediation

References

Related Vulnerabilities

Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-55885)

SharePoint Buffer Over-read Vulnerability (CVE-2025-53736)

YOURLS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2021-3734)

WordPress Plugin Larsens Calender Cross-Site Scripting (1.2)

WordPress Plugin Network Publisher 'networkpub_key' Parameter Cross-Site Scripting (5.0.1)

Severity

Medium

Classification

CVE-2021-41866 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities