The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.Referenceshttps://www.exploit-db.com/exploits/46080/https://github.com/Sama34/OUGC-Awards/pull/31https://github.com/Sama34/OUGC-Awards/issues/29
