Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1625

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-1625
Last Modified 07 Mar 2011 09:33:27
Published 05 Apr 2006 06:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1625

Summary

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.

Vulnerable Systems

Application

  • Mybulletinboard 1.10


References

XF - mybb-email-bbcode-xss(25615)

VUPEN - ADV-2006-1216

BID - 17368

BUGTRAQ - 20060402 MyBB 1.10 New CrossSiteScripting

OSVDB - 24375

SECUNIA - 19516

XF - mybb-email-img-bbcode-xss(25615)


Last Updated: 27 May 2016 10:42:36