{"vulnerability": "CVE-2021-27279", "sightings": [{"uuid": "dc09eea5-65e8-4ff0-bf2c-1c124f34ca51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27279", "type": "published-proof-of-concept", "source": "Telegram/xjZhV_f2I40u_gZ5Y9pOVFhnJN0E2bmWml1qQJ167kLkCRw", "content": "", "creation_timestamp": "2022-09-24T18:28:05.000000Z"}, {"uuid": "3033626f-7bdf-4f18-b907-d13caca03e90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27279", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/96", "content": "PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vulnerability was found by our researcher Igor Sak-Sakovskiy.\n\nPayload: [email]a@a.a?[email=a@a.a? onmouseover=alert(1) a]a[/email][/email]\n\nAdvisory: https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w", "creation_timestamp": "2021-12-07T13:52:25.000000Z"}, {"uuid": "48507039-6d46-4e57-9d66-47de16bb63a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27279", "type": "seen", "source": "https://t.me/ptswarm/62", "content": "MyBB fixed a Persistent XSS (CVE-2021-27279) in MyBB < 1.8.25 found by our researcher Igor Sak-Sakovskiy.\n\nRCE is possible when chained with CVE-2021-27890, reported by Simon Scannell & Carl Smith.\n\nAdvisory: https://mybb.com/versions/1.8.25/", "creation_timestamp": "2021-08-12T15:53:02.000000Z"}, {"uuid": "ed52129c-e91b-4828-a5e9-30db81409270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27279", "type": "seen", "source": "https://t.me/cibsecurity/23945", "content": "\u203c CVE-2021-27279 \u203c\n\nMyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-22T22:33:45.000000Z"}]}