Description
A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin SB Welcome Email Editor Unspecified Vulnerability (4.1)
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)