CVE-2021-27279

MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).

Source: CVE-2021-27279