CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1717
https://notcve.org/view.php?id=CVE-2006-1717
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. • http://secunia.com/advisories/19516 http://www.securityfocus.com/archive/1/430464/100/0/threaded http://www.securityfocus.com/bid/17427 https://exchange.xforce.ibmcloud.com/vulnerabilities/25730 •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2006-1625
https://notcve.org/view.php?id=CVE-2006-1625
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. Vulnerabilidad de XSS en inc/functions_post.php en MyBB (también conocido como MyBulletinBoard) 1.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un evento JavaScript en una etiqueta de correo electrónico BBCode, como se demuestra usando el evento onmousemove. • http://secunia.com/advisories/19516 http://www.osvdb.org/24375 http://www.securityfocus.com/archive/1/429748/100/0/threaded http://www.securityfocus.com/bid/17368 http://www.vupen.com/english/advisories/2006/1216 https://exchange.xforce.ibmcloud.com/vulnerabilities/25615 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1345
https://notcve.org/view.php?id=CVE-2006-1345
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. • http://www.securityfocus.com/archive/1/428056/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25337 •
CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 5CVE-2006-1281
https://notcve.org/view.php?id=CVE-2006-1281
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-296.html http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://secunia.com/advisories/19213 http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427744/100/0/threaded http://www.securityfocus.com/bid/17097 http://www.securityfocus.com/bid/17492 http://www.vupen.com/english/advisories/2006/0971 https://exchange.xforce.ibmcloud.com/vulnerabilities/25266 •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 3CVE-2006-1282
https://notcve.org/view.php?id=CVE-2006-1282
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •