CVE-2023-53977

5.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in myBB Forums allows authenticated administrators to inject malicious JavaScript when creating new forums. The injected scripts execute when other users view the forum listing, potentially compromising their accounts or sessions. Only myBB installations running version 1.8.26 are affected.

💻 Affected Systems

Products:
  • myBB Forums
Versions: 1.8.26
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator access to exploit. All installations using the vulnerable version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface forums, or redirect users to malicious sites, potentially leading to complete forum compromise.

🟠 Likely Case

Attackers with admin access could inject scripts to steal user session cookies or credentials, leading to account takeover of regular users viewing the forum listing.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be rendered harmless as text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. The vulnerability is simple to exploit once admin access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.27 or later

Vendor Advisory: https://mybb.com/

Restart Required: No

Instructions:

1. Back up your myBB installation and database.
2. Download myBB 1.8.27 or later from the official website.
3. Replace all files with the new version (except config files).
4. Run the upgrade script if required.
5. Clear template cache in Admin CP.

🔧 Temporary Workarounds

Input Validation Filter

all

Add custom input validation to sanitize forum title fields before processing

Modify inc/plugins/forum.php to add htmlspecialchars() or similar filtering to forum title inputs

🧯 If You Can't Patch

  • Restrict administrator accounts to trusted personnel only and implement strong authentication
  • Monitor forum creation logs for suspicious activity and unusual forum titles

🔍 How to Verify

Check if Vulnerable:

Check Admin CP > Version & Update for version number. If version is exactly 1.8.26, you are vulnerable.

Check Version:

Check Admin CP dashboard or view inc/version.php file

Verify Fix Applied:

After updating, verify version shows 1.8.27 or later in Admin CP. Test forum creation with script tags to ensure they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual forum creation events
  • Forum titles containing script tags or JavaScript code
  • Multiple forum creations in short time

Network Indicators:

  • Unexpected JavaScript execution in forum pages
  • External script loading from forum listings

SIEM Query:

source="mybb_logs" AND event="forum_created" AND (title CONTAINS "<script" OR title CONTAINS "javascript:")
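
The log indicators above, applied offline to exported forum-creation events. This is an added example, not code from myBB or from this advisory; the event fields (time, admin, title), the burst threshold and the sample data are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events. The (time, admin, title) fields are assumptions,
# not a myBB log format; map them from whatever your logging exports.
EVENTS = [
    ("2024-01-10T09:00:00", "alice", "General Discussion"),
    ("2024-01-10T09:05:00", "bob", "News <script>alert(1)</script>"),
    ("2024-01-10T09:05:20", "bob", "Off-topic"),
    ("2024-01-10T09:05:40", "bob", "Support"),
    ("2024-01-10T11:00:00", "alice", "Q&A: C++ <3 templates"),
    ("2024-01-10T12:00:00", "carol", "Click JavaScript:void(0)"),
]

# Start of an HTML tag or comment, any case ("<3" does not match).
MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)
# javascript: scheme, any case, tolerating whitespace before the colon.
JS_URI = re.compile(r"javascript\s*:", re.IGNORECASE)

def title_findings(title):
    """Return the reasons a forum title looks like markup rather than text."""
    reasons = []
    if MARKUP.search(title):
        reasons.append("html-markup")
    if JS_URI.search(title):
        reasons.append("javascript-uri")
    return reasons

def creation_bursts(events, limit=3, window=timedelta(minutes=1)):
    """Return admins who created `limit` or more forums within `window`."""
    by_admin = {}
    for ts, admin, _title in events:
        by_admin.setdefault(admin, []).append(datetime.fromisoformat(ts))
    flagged = set()
    for admin, times in by_admin.items():
        times.sort()
        for i in range(len(times) - limit + 1):
            if times[i + limit - 1] - times[i] <= window:
                flagged.add(admin)
    return flagged

def review(events):
    """Apply both indicators; returns (suspicious_events, bursty_admins)."""
    suspicious = []
    for ts, admin, title in events:
        reasons = title_findings(title)
        if reasons:
            suspicious.append((ts, admin, title, reasons))
    return suspicious, creation_bursts(events)
```

Unlike a plain substring match, the title check is case-insensitive and ignores a bare "<" that does not open a tag, which keeps ordinary titles out of the alert queue.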
