MyBB fixed a Persistent XSS (CVE-2021-27279) in MyBB < 1.8.25 found by our researcher Igor Sak-Sakovskiy. RCE is possible when chained with CVE-2021-27890, reported by Simon Scannell & Carl Smith. Advisory: https://mybb.com/versions/1.8.25/ 468 views15:53