cve/2021/CVE-2021-27889.md

CVE-2021-27889

Description

Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.

POC

Reference

• http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/SexyBeast233/SecBooks
• https://github.com/SouthWind0/southwind0.github.io
• https://github.com/scannells/exploits
• https://github.com/xiaopan233/Mybb-XSS_SQL_RCE-POC