CVE-2023-53976
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-22

Last updated on: 2025-12-27

Assigner: VulnCheck

Description
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53976
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mybb mybb 1.8.26
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53976 is a stored cross-site scripting (XSS) vulnerability in myBB Forums version 1.8.26. It occurs in the template management system where authenticated administrators can inject malicious JavaScript code into the template title field when creating new templates. This malicious script is then stored and executed whenever the compromised template is viewed, allowing arbitrary JavaScript to run in the context of the application. [2, 3]

Impact Analysis

This vulnerability can allow attackers with administrator access to inject malicious scripts that execute arbitrary JavaScript in the context of the forum application. This can lead to unauthorized actions such as session hijacking, defacement, or theft of sensitive information from users or administrators viewing the affected templates. It compromises the security and integrity of the forum environment. [2, 3]

Detection Guidance

This vulnerability can be detected by attempting to inject typical XSS payloads into the template title field via the administrative interface at 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates'. For example, an authenticated administrator can try submitting a payload like "><img src=x onerror=alert(1)>" in the template title field and then view the template to see if the script executes. Detection involves monitoring HTTP POST requests to the template management endpoints for suspicious input and checking the rendered templates for unsanitized script execution. Specific commands would involve using tools like curl or Burp Suite to send crafted POST requests to the admin endpoints and inspecting responses. For example, a curl command to test injection might be: curl -X POST -d "title=\"><img src=x onerror=alert(1)>" https://yourforum.com/admin/index.php?module=templates&action=add_template. However, exact commands depend on your environment and authentication method. [3]

Mitigation Strategies

Immediate mitigation steps include restricting administrative access to trusted users only, ensuring that only authenticated administrators can access the template management system. Avoid creating or editing templates with untrusted input. Applying any available patches or updates from the myBB project that address this vulnerability is critical. If a patch is not yet available, consider disabling the template management feature temporarily or implementing input validation and output encoding on the template title field to prevent script injection. Monitoring and auditing administrative actions for suspicious template creations can also help mitigate exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53976. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart