Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1281

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2006-1281
Last Modified 07 Mar 2011 09:32:42
Published 19 Mar 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2006-1281

Summary

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

Vulnerable Systems

Application

  • Mybulletinboard 1.0 Final

  • Mybulletinboard 1.0 Pr2

  • Mybulletinboard 1.0.1

  • Mybulletinboard 1.0.2

  • Mybulletinboard 1.0.3

  • Mybulletinboard 1.0.4

  • Mybulletinboard 1.10

  • Mybulletinboard Rc1

  • Mybulletinboard Rc2

  • Mybulletinboard Rc3

  • Mybulletinboard Rc4


References

SECUNIA - 19213

CONFIRM - http://community.mybboard.net/showthread.php?tid=7368

XF - mybb-member-url-xss(25266)

VUPEN - ADV-2006-0971

BID - 17492

BID - 17097

BUGTRAQ - 20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login

OSVDB - 23935

MISC - http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html

MISC - http://kapda.ir/advisory-296.html


Last Updated: 27 May 2016 10:42:00