Vulnerability Description
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Export User Project | Export User | <= 2.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-ScriThird Party AdvisoryVDB Entry
- https://community.mybb.com/mods.php?action=view&pid=1408Broken Link
- https://community.mybb.com/user-121250.htmlPermissions Required
- http://packetstormsecurity.com/files/171421/MyBB-Export-User-2.0-Cross-Site-ScriThird Party AdvisoryVDB Entry
- https://community.mybb.com/mods.php?action=view&pid=1408Broken Link
- https://community.mybb.com/user-121250.htmlPermissions Required
FAQ
What is CVE-2023-27890?
CVE-2023-27890 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only...
How severe is CVE-2023-27890?
CVE-2023-27890 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27890?
Check the references section above for vendor advisories and patch information. Affected products include: Export User Project Export User.