MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name
{ "cpes": [ "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*" ], "severity": "Medium" }