Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1716

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-1716
Last Modified 07 Mar 2011 09:33:43
Published 11 Apr 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1716

Summary

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.

Vulnerable Systems

Application

  • Mybulletinboard 1.10


References

XF - mybb-email-img-bbcode-xss(25615)

XF - mybb-email-bbcode-xss(25615)

BID - 17413

BUGTRAQ - 20060407 [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack

OSVDB - 24375

SECUNIA - 19516

MISC - http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html

MISC - http://kapda.ir/advisory-305.html


Last Updated: 27 May 2016 10:42:10