Lucene search
MitreCVE-2008-3966HistorySep 11, 2008 - 1:13 a.m.
CVE-2008-3966
2008-09-1101:13:47
CWE-79
mitre
web.nvd.nist.gov
28
mybb
mybulletinboard
xss
vulnerability
remote attackers
html
web script
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.003
Percentile
71.8%
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.
Affected configurations
Node
mybbmybbRangeβ€1.4.0
ORmybbmybbMatch1.00
ORmybbmybbMatch1.01
ORmybbmybbMatch1.1.0
ORmybbmybbMatch1.1.1
ORmybbmybbMatch1.1.2
ORmybbmybbMatch1.1.3
ORmybbmybbMatch1.1.4
ORmybbmybbMatch1.1.5
ORmybbmybbMatch1.1.6
ORmybbmybbMatch1.1.7
ORmybbmybbMatch1.1.8
ORmybbmybbMatch1.02
ORmybbmybbMatch1.2
ORmybbmybbMatch1.2.0
ORmybbmybbMatch1.2.1
ORmybbmybbMatch1.2.2
ORmybbmybbMatch1.2.3
ORmybbmybbMatch1.2.4
ORmybbmybbMatch1.2.5
ORmybbmybbMatch1.2.6
ORmybbmybbMatch1.2.7
ORmybbmybbMatch1.2.8
ORmybbmybbMatch1.2.9
ORmybbmybbMatch1.2.10
ORmybbmybbMatch1.2.11
ORmybbmybbMatch1.2.12
ORmybbmybbMatch1.2.13
ORmybbmybbMatch1.03
ORmybbmybbMatch1.04
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mybb | mybb | * | cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:* |
| mybb | mybb | 1.00 | cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:* |
| mybb | mybb | 1.01 | cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.0 | cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.1 | cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.2 | cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.3 | cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.4 | cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.5 | cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.6 | cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2008-3966
2008-09-11 01:13:47
prion
prion
Cross site scripting
2008-09-11 01:13:00
cvelist
cvelist
CVE-2008-3966
2008-09-10 15:00:00
seebug
seebug
MyBB 1.41ηζ¬δΉεε€δΈͺζͺζζΌζ΄
2008-09-14 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.003
Percentile
71.8%
Related for CVE-2008-3966