Lucene search

[email protected]CVE-2006-3953

HistoryAug 01, 2006 - 9:04 p.m.

CVE-2006-3953

2006-08-0121:04:00

[email protected]

web.nvd.nist.gov

cve-2006-3953

xss vulnerability

mybb

usercp.php

web security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

Affected configurations

NVD

Node

mybulletinboardmybulletinboardMatch1.0.1

mybulletinboardmybulletinboardMatch1.0.2

mybulletinboardmybulletinboardMatch1.0.3

mybulletinboardmybulletinboardMatch1.0.4

mybulletinboardmybulletinboardMatch1.0_final

mybulletinboardmybulletinboardMatch1.0_pr2

mybulletinboardmybulletinboardMatch1.0_preview_release_2

mybulletinboardmybulletinboardMatch1.00_rc1

mybulletinboardmybulletinboardMatch1.00_rc2

mybulletinboardmybulletinboardMatch1.0_rc2

mybulletinboardmybulletinboardMatch1.00_rc3

mybulletinboardmybulletinboardMatch1.0_rc4

mybulletinboardmybulletinboardMatch1.00_rc4

mybulletinboardmybulletinboardMatch1.00_rc4_security_patch

mybulletinboardmybulletinboardMatch1.01

mybulletinboardmybulletinboardMatch1.1

mybulletinboardmybulletinboardMatch1.1.1

mybulletinboardmybulletinboardMatch1.1.2

mybulletinboardmybulletinboardMatch1.1.3

mybulletinboardmybulletinboardMatch1.1.4

mybulletinboardmybulletinboardMatch1.1.5

mybulletinboardmybulletinboardMatch1.1.7

mybulletinboardmybulletinboardMatch1.04

mybulletinboardmybulletinboardMatch1.10

mybulletinboardmybulletinboardMatch1.14

mybulletinboardmybulletinboardMatch1.20

CPENameOperatorVersion
mybulletinboard:mybulletinboardmybulletinboardeq1.0.1
mybulletinboard:mybulletinboardmybulletinboardeq1.0.2
mybulletinboard:mybulletinboardmybulletinboardeq1.0.3
mybulletinboard:mybulletinboardmybulletinboardeq1.0.4
mybulletinboard:mybulletinboardmybulletinboardeq1.0_final
mybulletinboard:mybulletinboardmybulletinboardeq1.0_pr2
mybulletinboard:mybulletinboardmybulletinboardeq1.0_preview_release_2
mybulletinboard:mybulletinboardmybulletinboardeq1.00_rc1
mybulletinboard:mybulletinboardmybulletinboardeq1.00_rc2
mybulletinboard:mybulletinboardmybulletinboardeq1.0_rc2

CPE	Name	Operator	Version
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0.1
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0.2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0.3
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0.4
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_final
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_pr2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_preview_release_2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.00_rc1
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.00_rc2
mybulletinboard:mybulletinboard	mybulletinboard	eq	1.0_rc2

Rows per page:

1-10 of 261

References

securityreason.com/securityalert/1319

www.securityfocus.com/archive/1/441534/100/0/threaded

www.securityfocus.com/bid/19193

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2006-3953

nvd1 cvelist1