Vulnerabilities > Mybb > Mybb > 1.8.26
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-04 | CVE-2021-43281 | Code Injection vulnerability in Mybb MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. | 6.5 |
| 2021-10-26 | CVE-2021-41866 | Cross-site Scripting vulnerability in Mybb MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. | 3.5 |