Summary: A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.Published: Friday, March 29, 2019 - 15:29cvss: