CVE-2006-3761

Опубликовано: 21 июл. 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mybulletinboard:mybulletinboard:1.04:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01328

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p5gj-3gm4-45m5

github

почти 4 года назад