The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in the private messaging and post modules.
What Are the Risks?
If administrators are targeted, successful attacks could trick their browser into hacking their own site by executing code on the server and grant full power over the site to the assailants.
Source: Security Feed