myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.
References
| Link | Resource |
|---|---|
| https://mybb.com/ | Product |
| https://www.exploit-db.com/exploits/51136 | Exploit |
| https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-template-management | Exploit Third Party Advisory |
| https://www.cve.org/CVERecord?id=CVE-2021-41866 |
Configurations
History
27 Dec 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
27 Dec 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| References | () https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-template-management - Exploit, Third Party Advisory |
26 Dec 2025, 16:03
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://mybb.com/ - Product | |
| References | () https://www.exploit-db.com/exploits/51136 - Exploit | |
| References | () https://www.vulncheck.com/advisories/mybb-forums-stored-cross-site-scripting-via-template-management - Third Party Advisory, Exploit | |
| CPE | cpe:2.3:a:mybb:mybb:1.8.26:*:*:*:*:*:*:* | |
| First Time |
Mybb
Mybb mybb |
22 Dec 2025, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-22 22:16
Updated : 2025-12-27 19:15
NVD link : CVE-2023-53976
Mitre link : CVE-2023-53976
CVE.ORG link : CVE-2023-53976
JSON object : View
Products Affected
mybb
- mybb
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')