CVE-2023-46251

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Nov 6, 2023
Updated: Feb 29, 2024
CWE ID 79

Summary

CVE-2023-46251 affects MyBB, a free and open-source forum software. The flaw is in the Custom MyCode feature for the visual editor (SCEditor): when rendering HTML, the feature does not properly escape input, resulting in a DOM-based cross-site scripting (XSS) vulnerability. An attacker could exploit it by directing a victim to a page where the visual editor is active and operates on a maliciously crafted MyCode message. This can occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The MyBB 1.8.37 release resolves this issue, and users are advised to upgrade. If upgrading is not possible, the impact can be mitigated by changing the settings to disable the visual editor, either globally or for individual user accounts.
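
The bug class described above, as an added example that is not MyBB or SCEditor code: a simplified custom-tag renderer that substitutes user input into an HTML template, shown unescaped and then escaped. The tag definition, function names and sample message are hypothetical and constructed for illustration.

```javascript
// Simplified model of a custom-tag (MyCode-style) to HTML converter.
// Hypothetical names throughout; this is not MyBB or SCEditor code.

// Constructed custom tag definition: [hl=COLOR]TEXT[/hl]
const customTag = {
  pattern: /\[hl=([^\]]*)\](.*?)\[\/hl\]/gs,
  template: '<span class="hl" data-color="$1">$2</span>',
};

// Constructed message: harmless markup standing in for attacker-controlled HTML.
const sampleMessage =
  '[hl=red" data-injected="1]note <b id="injected">text</b>[/hl]';

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed form: captured input is pasted into the HTML template as-is, so a
// quote ends the attribute early and tags in the body become real elements.
function renderUnescaped(message, tag) {
  return message.replace(tag.pattern, (_match, ...groups) =>
    tag.template.replace(/\$(\d)/g, (_token, n) => groups[n - 1] ?? ''));
}

// Corrected form: escape the whole message before expanding tags, so both the
// captures and the surrounding text reach the template as inert text.
function renderEscaped(message, tag) {
  return renderUnescaped(escapeHtml(message), tag);
}

console.log(renderUnescaped(sampleMessage, customTag));
console.log(renderEscaped(sampleMessage, customTag));
```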
