CVE-2021-28968

PunBB prior to 1.4.6 is affected by a Cross‑Site Scripting (XSS) flaw in the [email] BBCode tag. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript into forum messages. Root cause is an XSS in the way the [email] tag is processed, enabling script injection with user...