CVE-2023-46251

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 6, 2023
Updated: Feb 29, 2024
CWE ID 79

Summary

CVE-2023-46251 affects MyBB, a free and open-source forum software. The flaw is in the Custom MyCode feature as handled by the visual editor (SCEditor): when rendering HTML, it does not properly escape input, resulting in a DOM-based cross-site scripting (XSS) vulnerability. An attacker could exploit it by directing a victim to a page where the visual editor is active and operates on a maliciously crafted MyCode message. This can occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The MyBB 1.8.37 release resolves this issue, and users are advised to upgrade. If upgrading is not possible, the impact can be mitigated by disabling the visual editor, either globally or for individual user accounts.
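
The bug class described above, as an added example that is not MyBB or SCEditor code: a simplified custom-tag-to-HTML converter in its unescaped form beside a hardened form. The rule shapes, the tag names `note` and `tip`, and all function names are assumptions made for illustration, and the sample messages are constructed.

```javascript
// Simplified model of expanding custom MyCode tags to HTML for a visual editor.
// Assumed rule shape: regex -> HTML template (hypothetical, not MyBB's schema).
const rules = [
  { pattern: /\[note\]([\s\S]*?)\[\/note\]/gi,
    template: '<span class="note">$1</span>' },
  { pattern: /\[tip=([^\]]*)\]([\s\S]*?)\[\/tip\]/gi,
    template: '<span title="$1">$2</span>' },
];

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Expand every rule over the given text.
function expand(text) {
  return rules.reduce((html, r) => html.replace(r.pattern, r.template), text);
}

// Unescaped form: captures from the raw message land in the HTML as markup.
function renderUnsafe(message) {
  return expand(message);
}

// Hardened form: escape the whole message first, then expand the tags, so
// every capture is already inert when it reaches the template.
function renderSafe(message) {
  return expand(escapeHtml(message));
}

// Constructed messages: one benign, one with markup in the tag body,
// one with a quote in the tag attribute.
const samples = [
  '[note]hello[/note]',
  '[note]<img src=x onerror=alert(1)>[/note]',
  '[tip=x" onmouseover="alert(1)]hi[/tip]',
];

for (const msg of samples) {
  console.log('message:', msg);
  console.log('  unsafe:', renderUnsafe(msg));
  console.log('  safe:  ', renderSafe(msg));
}
```

In a browser the returned string would be assigned to the editor's document, which is where unescaped output becomes DOM-based XSS; the same comparison is useful as a regression test for any custom tag renderer.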
