MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27279.json"
[ { "events": [ { "introduced": "0" }, { "fixed": "1.8.25" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "1.8.25" } ] } ]