Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0770

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-0770
Last Modified 07 Mar 2011 09:30:47
Published 18 Feb 2006 04:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0770

Summary

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Mybulletinboard 1.0 Final

  • Mybulletinboard 1.0 Pr2

  • Mybulletinboard 1.0 Preview Release 2

  • Mybulletinboard 1.0 Rc2

  • Mybulletinboard 1.0 Rc4

  • Mybulletinboard 1.0.1

  • Mybulletinboard 1.0.2

  • Mybulletinboard 1.0.3

  • Mybulletinboard 1.0.4


References

XF - mybb-advanceddetails-xss(24748)

VUPEN - ADV-2006-0635

OSVDB - 23264

SECUNIA - 18866


Last Updated: 27 May 2016 10:41:48