4.3
CVE-2006-0470
- EPSS 2.44%
- Veröffentlicht 31.01.2006 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:20:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mybulletinboard ≫ Mybulletinboard Version1.0.1
Mybulletinboard ≫ Mybulletinboard Version1.0.2
Mybulletinboard ≫ Mybulletinboard Version1.0_final
Mybulletinboard ≫ Mybulletinboard Version1.0_pr2
Mybulletinboard ≫ Mybulletinboard Version1.0_preview_release_2
Mybulletinboard ≫ Mybulletinboard Version1.0_rc2
Mybulletinboard ≫ Mybulletinboard Version1.0_rc4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.44% | 0.821 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://community.mybboard.net/attachment.php?aid=2181
http://community.mybboard.net/showthread.php?tid=6418
http://seclists.org/lists/bugtraq/2006/Jan/0414.html
http://secunia.com/advisories/18617
http://securityreason.com/securityalert/374
http://www.osvdb.org/22750
http://www.securityfocus.com/bid/16387
http://www.vupen.com/english/advisories/2006/0350
https://exchange.xforce.ibmcloud.com/vulnerabilities/24466