Lucene search

[email protected]CVE-2006-1717

HistoryApr 11, 2006 - 11:02 p.m.

CVE-2006-1717

2006-04-1123:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1717

mybb

mybulletinboard

xss

newthread.php

web script

html

username

nvd

6.3 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.

CPENameOperatorVersion
mybulletinboard:mybulletinboardmybulletinboardeq1.10

CPE	Name	Operator	Version
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.10

References

secunia.com/advisories/19516

www.securityfocus.com/archive/1/430464/100/0/threaded

www.securityfocus.com/bid/17427

exchange.xforce.ibmcloud.com/vulnerabilities/25730

6.3 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2006-1717

cvelist1 prion1