CVE-2021-41866
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP’s theme management is not escaped properly.
Date published : 2021-10-26
https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7