CVE-2006-0470 - Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote

CVE-2006-0470

Summary

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

References

Vulnerable Configurations

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16387
bugtraq	20060125 MyBB 1.0.2 XSS attack in search.php redirection
confirm	http://community.mybboard.net/attachment.php?aid=2181 http://community.mybboard.net/showthread.php?tid=6418
osvdb	22750
secunia	18617
sreason	374
vupen	ADV-2006-0350
xf	mybb-search-xss(24466)

Last major update

20-07-2017 - 01:29

Published

31-01-2006 - 11:03

Last modified

20-07-2017 - 01:29