CVE-2021-47905

MEDIUM
2026-01-23 [email protected]
5.1
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
PoC Detected
Apr 09, 2026 - 13:53 vuln.today
Public exploit code
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 23, 2026 - 17:16 nvd
MEDIUM 5.1

Tags

XSS

Description

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.

Analysis

account deletion reason input field. Attackers can inject malicious scripts is affected by cross-site scripting (xss) (CVSS 6.1).

Technical Context

This vulnerability (CWE-79: Cross-site Scripting (XSS)) exists in the admin component. MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.

Affected Products

Product: account deletion reason input field. Attackers can inject malicious scripts. Component: admin.

Remediation

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Priority Score

46
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: +20

Share

CVE-2021-47905 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy