Vulnerability Details CVE-2006-0364
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html
- http://secunia.com/advisories/18544
- http://www.osvdb.org/22628
- http://www.securityfocus.com/bid/16308
- http://www.vupen.com/english/advisories/2006/0255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24225
- http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html
- http://secunia.com/advisories/18544
- http://www.osvdb.org/22628
- http://www.securityfocus.com/bid/16308
- http://www.vupen.com/english/advisories/2006/0255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24225
Products affected by CVE-2006-0364
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2
-
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4