Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0470
Last Modified 07 Mar 2011 09:30:05
Published 31 Jan 2006 06:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0470

Summary

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

Vulnerable Systems

Application

  • Mybulletinboard 1.0 Final

  • Mybulletinboard 1.0 Pr2

  • Mybulletinboard 1.0 Preview Release 2

  • Mybulletinboard 1.0 Rc2

  • Mybulletinboard 1.0 Rc4

  • Mybulletinboard 1.0.1

  • Mybulletinboard 1.0.2


References

VUPEN - ADV-2006-0350

BID - 16387

OSVDB - 22750

SECUNIA - 18617

BUGTRAQ - 20060125 MyBB 1.0.2 XSS attack in search.php redirection

CONFIRM - http://community.mybboard.net/showthread.php?tid=6418

CONFIRM - http://community.mybboard.net/attachment.php?aid=2181

XF - mybb-search-xss(24466)

SREASON - 374


Last Updated: 27 May 2016 10:41:40