Lucene search

[email protected]CVE-2006-0364

HistoryJan 22, 2006 - 8:03 p.m.

CVE-2006-0364

2006-01-2220:03:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2006-0364

cross-site scripting

xss

mybulletinboard

mybb

web security

remote attack

html injection

signature vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by “&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116”.

Affected configurations

NVD

Node

mybulletinboardmybulletinboardMatch1.0.1

mybulletinboardmybulletinboardMatch1.0.2

mybulletinboardmybulletinboardMatch1.0_final

mybulletinboardmybulletinboardMatch1.0_pr2

mybulletinboardmybulletinboardMatch1.0_preview_release_2

mybulletinboardmybulletinboardMatch1.0_rc2

mybulletinboardmybulletinboardMatch1.0_rc4

CPENameOperatorVersion
mybulletinboard:mybulletinboardmybulletinboardeq1.0.1
mybulletinboard:mybulletinboardmybulletinboardeq1.0.2
mybulletinboard:mybulletinboardmybulletinboardeq1.0_final
mybulletinboard:mybulletinboardmybulletinboardeq1.0_pr2
mybulletinboard:mybulletinboardmybulletinboardeq1.0_preview_release_2
mybulletinboard:mybulletinboardmybulletinboardeq1.0_rc2
mybulletinboard:mybulletinboardmybulletinboardeq1.0_rc4

CPE	Name	Operator	Version
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0.1
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0.2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_final
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_pr2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_preview_release_2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_rc2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_rc4

References

archives.neohapsis.com/archives/bugtraq/2006-01/0332.html

secunia.com/advisories/18544

www.osvdb.org/22628

www.securityfocus.com/bid/16308

www.vupen.com/english/advisories/2006/0255

exchange.xforce.ibmcloud.com/vulnerabilities/24225

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2006-0364

cvelist1 nvd1 prion1