2021-10-26 21:25:47
mitre
PUBLISHED
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CPs theme management is not escaped properly.