Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0442

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0442
Last Modified 07 Mar 2011 09:30:03
Published 26 Jan 2006 05:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0442

Summary

Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in a editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.

Vulnerable Systems

Application

  • Mybulletinboard 1.0.2


References

VUPEN - ADV-2006-0316

BID - 16361

BUGTRAQ - 20060124 [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting

SECTRACK - 1015535

SECUNIA - 18603

MISC - http://kapda.ir/advisory-241.html


Last Updated: 27 May 2016 10:41:39