Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-31T13:16:35

Updated: 2024-08-04T14:08:30.631Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-19049

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-31T14:15:25.390

Modified: 2024-11-21T05:08:56.127

Link: CVE-2020-19049

cve-icon Redhat

No data.