myBB Forums Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in myBB Forums version 1.8.26. This issue resides within the forum management system, allowing authenticated administrators to inject malicious scripts. The vulnerability is exploited by entering script payloads into the forum title field while creating new forums through the 'Forums and Posts' > 'Forum Management' interface. The injected scripts are executed as arbitrary JavaScript when the forum listing is accessed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the forum.

Reproduction

To reproduce this vulnerability, log in as an administrator and navigate to 'Forums and Posts' > 'Forum Management'. Select 'Add New Forum' and enter a script payload, such as a JavaScript alert, into the forum title field. Once the forum is created, the injected script will execute when the forum listing is viewed.
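A defender-side check for the issue described above, as an added example that is not part of the original advisory or of MyBB's code: it audits exported forum titles for anything a browser would parse as markup and returns the HTML-encoded form a listing page should emit instead. The (fid, name) row layout and the sample titles are constructed assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed sample rows (forum id, title) standing in for an export of
# forum titles; the (fid, name) layout is an assumption, not MyBB's schema.
SAMPLE_FORUMS = [
    (1, "General Discussion"),
    (2, "Q&A / Help"),
    (3, "<script>alert(1)</script>"),
    (4, 'News <img src=x onerror="alert(1)">'),
]


class _MarkupFinder(HTMLParser):
    """Collects the tags and event-handler attributes an HTML parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit_title(title):
    """Return (tags, handlers, encoded) for one stored title."""
    finder = _MarkupFinder()
    finder.feed(title)
    finder.close()
    # quote=True also encodes " and ', so the value is safe inside attributes.
    return finder.tags, finder.handlers, html.escape(title, quote=True)


def audit_forums(rows):
    """Return findings for rows whose title would be parsed as markup."""
    findings = []
    for fid, name in rows:
        tags, handlers, encoded = audit_title(name)
        if tags:
            findings.append({"fid": fid, "tags": tags,
                             "handlers": handlers, "encoded": encoded})
    return findings


if __name__ == "__main__":
    for finding in audit_forums(SAMPLE_FORUMS):
        print(finding)
```

Titles containing only characters such as `&` are not flagged, but they still need encoding on output, which is why `audit_title` always returns the encoded form.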

Added: Dec 22, 2025, 10:41 PM
Updated: Dec 22, 2025, 10:41 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.