1. CVE-Search
  2. CVE-2006-2755
ID CVE-2006-2755
Summary Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
References
Vulnerable Configurations
  • cpe:2.3:a:ubbcentral:ubb.threads:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.3:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.5.2_beta2:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.5.2_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:ubbcentral:ubb.threads:6.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:ubbcentral:ubb.threads:6.5.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 18152
bugtraq
  • 20060528 Advisory: UBBThreads 5.x,6.x Multiple File InclusionVulnerabilities.
  • 20060529 UBBThreads 5.x,6.x md5 hash disclosure
misc http://www.nukedx.com/?viewdoc=40
sreason 1007
xf ubbthreads-index-xss(26870)
Last major update 18-10-2018 - 16:41
Published 02-06-2006 - 01:02
Last modified 18-10-2018 - 16:41
Back to Top