MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.Referenceshttps://github.com/mybb/mybb/security/advisories/https://github.com/mybb/mybb/security/advisories/GHSA-gxhv-r3m5-6qv7
