Lucene search

[email protected]CVE-2006-1716

HistoryApr 11, 2006 - 11:02 p.m.

CVE-2006-1716

2006-04-1123:02:00

[email protected]

web.nvd.nist.gov

cve-2006-1716

mybb

xss

web security

vulnerability

nvd

5.5 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.8%

JSON

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.

Affected configurations

NVD

Node

mybulletinboardmybulletinboardMatch1.10

CPENameOperatorVersion
mybulletinboard:mybulletinboardmybulletinboardeq1.10

CPE	Name	Operator	Version
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.10

References

kapda.ir/advisory-305.html

myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html

secunia.com/advisories/19516

www.osvdb.org/24375

www.securityfocus.com/archive/1/430344/100/0/threaded

www.securityfocus.com/bid/17413

exchange.xforce.ibmcloud.com/vulnerabilities/25615

5.5 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2006-1716

prion2 cvelist2 nvd2 cve1