CVE-2018-19202 (mybb)

A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the ‘upsetting[bburl]’ parameter.
Source: NIST
CVE-2018-19202 (mybb)