CVE-2023-46251
Summary
A DOM-based XSS vulnerability exists in MyBB forum software due to improper input escaping in the visual editor's handling of custom MyCode. Attackers can exploit this by tricking users into viewing a page with a maliciously crafted MyCode message, which can lead to script execution in the victim's browser.
IFF Assessment
FOE
This vulnerability allows for cross-site scripting attacks, which can compromise user sessions and data, making it bad news for defenders.
Severity
7.5
High
Defender Context
This DOM-based XSS vulnerability in MyBB affects the visual editor's MyCode handling, allowing attackers to execute scripts in a victim's browser. Defenders should ensure MyBB instances are updated to version 1.8.37 or later, or at minimum, disable the visual editor globally or per user to mitigate the risk.