Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41866)

Description

MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.

Remediation

References

Related Vulnerabilities

XWiki Cleartext Storage of Sensitive Information Vulnerability (CVE-2023-50719)

Drupal Core Security Bypass (8.0.0 - 9.1.15)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (1.2.05.20)

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)

PHP Other Vulnerability (CVE-2015-6835)

Severity

Medium

Classification

CVE-2021-41866 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities