CVE-2021-39338 – MyBB Cross-Poster <= 1.0 Authenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-39338

14 Oct 2021 — The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin MyBB Cross-Poster de WordPress ... • https://github.com/BigTiger2020/word-press/blob/main/MyBB%20Cross-Poster.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •