ID |
CVE-2006-2949
|
Summary |
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. This vulnerability is addressed in the following product release:
MyBB, MyBB, 1.1.3 |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 6.8 (as of 18-10-2018 - 16:44) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 18297 | bugtraq | 20060606 MyBB 1.1.2 New XSS | secunia | 20492 | vupen | ADV-2006-2190 | xf | mybb-private-xss(26994) |
|
Last major update |
18-10-2018 - 16:44 |
Published |
12-06-2006 - 20:06 |
Last modified |
18-10-2018 - 16:44 |