CVE-2023-53977
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-22

Last updated on: 2025-12-27

Assigner: VulnCheck

Description
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when adding new forums through the 'Forums and Posts' > 'Forum Management' interface, causing arbitrary JavaScript to execute when the forum listing is viewed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53977
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mybb mybb 1.8.26
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53977 is a stored cross-site scripting (XSS) vulnerability in myBB Forums version 1.8.26. It occurs in the forum management system where authenticated administrators can inject malicious JavaScript code into the forum title field when creating new forums. This injected script is stored and later executed in the browser of any user who views the forum listing, allowing arbitrary JavaScript execution within the context of the web application. [2, 3]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript code in the browsers of users who view the affected forum listings. This can lead to session hijacking, defacement, theft of sensitive information, or performing actions on behalf of the user without their consent. Since the attack requires an authenticated administrator to inject the malicious script, it primarily impacts the integrity and security of the forum environment and its users. [2, 3]

Detection Guidance

This vulnerability can be detected by attempting to inject typical XSS payloads such as `"><script>alert(1)</script>` into the forum title or description fields when adding new forums via the 'Forums and Posts' > 'Forum Management' interface as an authenticated administrator. Monitoring HTTP POST requests to the forum management add endpoint for such payloads and checking if the forum listing page renders these scripts unsanitized can confirm the presence of the vulnerability. Specific commands would involve using tools like curl or Burp Suite to send crafted POST requests with XSS payloads to the forum management endpoints and then inspecting the responses or the rendered forum listing page for script execution. [2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting administrative access to trusted users only, avoiding the addition of new forums or editing forum titles and descriptions until a patch is applied, and implementing input validation and output encoding to sanitize user inputs in the forum management system. Additionally, monitoring and reviewing forum titles for suspicious scripts and applying any available security updates or patches from MyBB as soon as they are released is recommended. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart